Feeds

Apple squashes location tracking 'bugs' with iOS update

Cell tower and Wi-Fi database cache shrunk

Protecting users from Firesheep and other Sidejacking attacks with SSL

Apple has released an iOS update that changes the way its mobile operating system treats the database cache at the heart of the recent kerfuffle over the Jobsian location services.

On Wednesday, Steve Jobs and company pushed out iOS 4.3.3, saying it contains three changes to the operating system's "crowd-sourced location database cache", also known as "consolidated.db". According to Apple, the update reduces the size of the cache (by an unspecified amount), ensures that the cache is no longer backed up to iTunes when you connect to a PC, and deletes the cache when iOS location services are turned off.

Apple uses customer iPhones to build a database of Wi-Fi networks and cell towers that mobile applications can use to pinpoint the location of a particular device. This data is used in tandem with GPS in order to improve the speed and accuracy of location services.

When determining a phone's location, Apple downloads a portion of this database to the device, and this is stored in consolidated.db. "A small localized cache on the device is very helpful for speed," says Ted Morgan, CEO of Skyhook, a company that offers similar location services. "Rather than having to keep going back to the server, you keep a small subset of the reference data locally so that while you are within a 10 block area it just uses the local file until you move farther away...[This is] for speed and for not having to rely on a flakey cellphone network connection."

Last month, independent researchers released a report reporting that the Apple file may contain data on cell tower and Wi-Fi networks related to places you've visited a year ago or more. This data, it soon emerged, has long been used by law enforcement to determine the past location of phone owners. After the report sparked a media firestorm, Apple posted an FAQ on its website that addressed the database cache.

Apple acknowledged that the database cache gets backed up to iTunes when iPhones are synced, that it may store as much as a year's worth of data, and that it remained on the phone even when location services were turned off. But it called all three "bugs", vowing to make changes with a future update to iOS. Apple said it needed to store only about seven days' worth of data.

According to tests by independent security researcher Samy Kamkar, the iPhone was also collecting new data on cell tower and Wi-Fi networks when location services were off, and sending this data back to its servers. It's unclear whether the update stops these collections as well. According to Skyhook's Morgan, the collection of the data and the downloading of the cache to the phone typically work hand-in-hand.

Apple has acknowledged that consolidated.db cache is not encrypted, and it does not appear this has changed with the new iOS update. ®

The next step in data security

More from The Register

next story
Israeli spies rebel over mass-snooping on innocent Palestinians
'Disciplinary treatment will be sharp and clear' vow spy-chiefs
Infosec geniuses hack a Canon PRINTER and install DOOM
Internet of Stuff securo-cockups strike yet again
THREE QUARTERS of Android mobes open to web page spy bug
Metasploit module gobbles KitKat SOP slop
'Speargun' program is fantasy, says cable operator
We just might notice if you cut our cables
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
YouTube, Amazon and Yahoo! caught in malvertising mess
Cisco says 'Kyle and Stan' attack is spreading through compromised ad networks
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
Greater dev access to iOS 8 will put us AT RISK from HACKERS
Knocking holes in Apple's walled garden could backfire, says securo-chap
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.