Feeds

Apple squashes location tracking 'bugs' with iOS update

Cell tower and Wi-Fi database cache shrunk

Beginner's guide to SSL certificates

Apple has released an iOS update that changes the way its mobile operating system treats the database cache at the heart of the recent kerfuffle over the Jobsian location services.

On Wednesday, Steve Jobs and company pushed out iOS 4.3.3, saying it contains three changes to the operating system's "crowd-sourced location database cache", also known as "consolidated.db". According to Apple, the update reduces the size of the cache (by an unspecified amount), ensures that the cache is no longer backed up to iTunes when you connect to a PC, and deletes the cache when iOS location services are turned off.

Apple uses customer iPhones to build a database of Wi-Fi networks and cell towers that mobile applications can use to pinpoint the location of a particular device. This data is used in tandem with GPS in order to improve the speed and accuracy of location services.

When determining a phone's location, Apple downloads a portion of this database to the device, and this is stored in consolidated.db. "A small localized cache on the device is very helpful for speed," says Ted Morgan, CEO of Skyhook, a company that offers similar location services. "Rather than having to keep going back to the server, you keep a small subset of the reference data locally so that while you are within a 10 block area it just uses the local file until you move farther away...[This is] for speed and for not having to rely on a flakey cellphone network connection."

Last month, independent researchers released a report reporting that the Apple file may contain data on cell tower and Wi-Fi networks related to places you've visited a year ago or more. This data, it soon emerged, has long been used by law enforcement to determine the past location of phone owners. After the report sparked a media firestorm, Apple posted an FAQ on its website that addressed the database cache.

Apple acknowledged that the database cache gets backed up to iTunes when iPhones are synced, that it may store as much as a year's worth of data, and that it remained on the phone even when location services were turned off. But it called all three "bugs", vowing to make changes with a future update to iOS. Apple said it needed to store only about seven days' worth of data.

According to tests by independent security researcher Samy Kamkar, the iPhone was also collecting new data on cell tower and Wi-Fi networks when location services were off, and sending this data back to its servers. It's unclear whether the update stops these collections as well. According to Skyhook's Morgan, the collection of the data and the downloading of the cache to the phone typically work hand-in-hand.

Apple has acknowledged that consolidated.db cache is not encrypted, and it does not appear this has changed with the new iOS update. ®

Protecting users from Firesheep and other Sidejacking attacks with SSL

More from The Register

next story
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
Early result from Scots indyref vote? NAW, Jimmy - it's a SCAM
Anyone claiming to know before tomorrow is telling porkies
Jihadi terrorists DIDN'T encrypt their comms 'cos of Snowden leaks
Intel bods' analysis concludes 'no significant change' after whistle was blown
Israeli spies rebel over mass-snooping on innocent Palestinians
'Disciplinary treatment will be sharp and clear' vow spy-chiefs
TOR users become FBI's No.1 hacking target after legal power grab
Be afeared, me hearties, these scoundrels be spying our signals
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
China hacked US Army transport orgs TWENTY TIMES in ONE YEAR
FBI et al knew of nine hacks - but didn't tell TRANSCOM
Microsoft to patch ASP.NET mess even if you don't
We know what's good for you, because we made the mess says Redmond
NORKS ban Wi-Fi and satellite internet at embassies
Crackdown on tardy diplomatic sysadmins providing accidental unfiltered internet access
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Protecting users from Firesheep and other Sidejacking attacks with SSL
Discussing the vulnerabilities inherent in Wi-Fi networks, and how using TLS/SSL for your entire site will assure security.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.