- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
The claims are made in a long blog post by Alex Levinson, senior engineer for Katana Forensics, which develops Lantern, an iOS forensic analysis application. Levinson's post is a response to a presentation this week by Alasdair Allan and Peter Wardman at the O'Reilly Where 2.0 conference.
As reported yesterday, the two programmers presented details of an iOS 4.0 database file, usually unencrypted, created on the iPhone and then synced to a user's Mac. This file contains thousands of time-stamped latitude and longitude pairings, apparently based on cell tower triangulation calculations. The data is a very detailed track of where the iPhone (or iPad or iPod Touch) has been. The programmers created an open source application, called iPhone Tracker, that plots the data on a map, so the user can see the track of the device's locations.
In his own blog post, Wardman notes and links to a comment by another forensics researcher that this "consolidated.db" file will be familiar to forensics researchers, that is, to people like Levinson. But it was clearly new to Allan and Wardman, who were startled at how much location data the file contained. Wardman even acknowledged another attempt in the fall of 2010, by a French writer, to popularize a wider awareness of this iPhone data file.
Levinson argues that Apple is being "completely misrepresented" by the two men, and that the file is neither new nor secret. Levinson says he discovered and wrote about it in a research paper and book months ago.
Levinson baldly asserts that "Apple is not collecting this data." His disagreement with Allan and Wardman may be a matter of differing definitions. The two programmers assert the location data collection on the iOS device is "intentional," which seems hard to deny given the fact that all agree there is a database file that stores a great deal of exactly this kind of data, and, as Allan and Wardman point out, the file is preserved across multiple backups.
Levinson seems to define "intentional data collection" as "Apple pulls this information from your personal device over a network connection into its own servers." He says there's no evidence this is happening. Allan and Wardman say the same thing: no evidence.
Levinson expands on why this data is being collected at all. "Built-In applications such as Maps and Camera use this geolocational data to operate," he writes. "Apple provides an API for access to location awareness called Core Location." He quotes from Apple's description of this software library: "... You use the classes and protocols in this framework to configure and schedule the delivery of location and heading events. You can also use it to define geographic regions and monitor when the user crosses the boundaries of those regions."