iOS 4.3.3 and iOS 4.2.8 Address Location Tracking Bugs
On April 20, 2011, researchers Alasdair Allan and Pete Warden announced that they had discovered a file within iOS, consolidated.db, that seemingly tracked every single location that an iOS device has ever visited. Furthermore, this file was not encrypted and was backed up each time the iOS device synced with iTunes to a user’s computer, making the file available on the syncing computer as well as on the device. Although the file was actually known about for quite some time, a media firestorm erupted following the announcement, with many articles speculating that Apple was tracking users’ every move for unknown, but probably nefarious reasons, and which led to several requests by Congressional representatives for Apple to explain the purpose behind collecting the information.
Apple responded within a week with a press release explaining what the consolidated.db file was, and why it was storing as much information as it seemed to be storing (see this TidBITS article, “Apple Addresses Location Controversy Questions,” 27 April 2011, for details on that press release). In a nutshell, Apple claimed that a bug was the reason that the file contained so much information, that the file was designed merely to help the iOS device’s Location Services feature establish location more easily, that it actually contained information about nearby Wi-Fi access points and cell towers rather than the device’s actual location, that no user-identifiable information was being sent back to Apple, and that a forthcoming release of iOS would address the bug and keep the file from being backed up to users’ computers.
On May 4, Apple released two updates to iOS that address the problem. One, iOS 4.3.3, updates all GSM iPhone 3GS and iPhone 4 models, iPad and iPad 2 devices, and third and fourth generation iPod touch devices. The other, iOS 4.2.8, updates all CDMA iPhone 4s (see the TidBITS article, “iOS 4.3.3 and 4.2.8,” 4 May 2011). Updated devices now will store only a week’s worth of location information, and that information will not be backed up when the device syncs with iTunes. Furthermore, the location information cached by devices is erased whenever users disable Location Services.
Posted by Michael E. Cohen (Permalink)