Feeds

Apple squashes location tracking 'bugs' with iOS update

Cell tower and Wi-Fi database cache shrunk

The Power of One eBook: Top reasons to choose HP BladeSystem

Apple has released an iOS update that changes the way its mobile operating system treats the database cache at the heart of the recent kerfuffle over the Jobsian location services.

On Wednesday, Steve Jobs and company pushed out iOS 4.3.3, saying it contains three changes to the operating system's "crowd-sourced location database cache", also known as "consolidated.db". According to Apple, the update reduces the size of the cache (by an unspecified amount), ensures that the cache is no longer backed up to iTunes when you connect to a PC, and deletes the cache when iOS location services are turned off.

Apple uses customer iPhones to build a database of Wi-Fi networks and cell towers that mobile applications can use to pinpoint the location of a particular device. This data is used in tandem with GPS in order to improve the speed and accuracy of location services.

When determining a phone's location, Apple downloads a portion of this database to the device, and this is stored in consolidated.db. "A small localized cache on the device is very helpful for speed," says Ted Morgan, CEO of Skyhook, a company that offers similar location services. "Rather than having to keep going back to the server, you keep a small subset of the reference data locally so that while you are within a 10 block area it just uses the local file until you move farther away...[This is] for speed and for not having to rely on a flakey cellphone network connection."

Last month, independent researchers released a report reporting that the Apple file may contain data on cell tower and Wi-Fi networks related to places you've visited a year ago or more. This data, it soon emerged, has long been used by law enforcement to determine the past location of phone owners. After the report sparked a media firestorm, Apple posted an FAQ on its website that addressed the database cache.

Apple acknowledged that the database cache gets backed up to iTunes when iPhones are synced, that it may store as much as a year's worth of data, and that it remained on the phone even when location services were turned off. But it called all three "bugs", vowing to make changes with a future update to iOS. Apple said it needed to store only about seven days' worth of data.

According to tests by independent security researcher Samy Kamkar, the iPhone was also collecting new data on cell tower and Wi-Fi networks when location services were off, and sending this data back to its servers. It's unclear whether the update stops these collections as well. According to Skyhook's Morgan, the collection of the data and the downloading of the cache to the phone typically work hand-in-hand.

Apple has acknowledged that consolidated.db cache is not encrypted, and it does not appear this has changed with the new iOS update. ®

Designing a Defense for Mobile Applications

More from The Register

next story
DARPA-derived secure microkernel goes open source tomorrow
Hacker-repelling, drone-protecting code will soon be yours to tweak as you see fit
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
Four fake Google haxbots hit YOUR WEBSITE every day
Goog the perfect ruse to slip into SEO orfice
Putin: Crack Tor for me and I'll make you a MILLIONAIRE
Russian Interior Ministry offers big pile o' roubles for busting pro-privacy browser
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.