RSS Alerts

Share

More services

Related Stories

  • News Feature: Time to Avoid the Droid?
    Finally, hype has matched reality in the world of mobile security. Drew Amorosi chronicles the recent ups and downs of the bustling Android Market to find out why it is in the crosshairs of the security industry
  • iPhone keylogging hackware arrives
    The first Apple iPhone keylogging 'utility' has reportedly arrived in the security industry. Ostensibly for legitimate use, iKeyGuard is also being discussed as potential darkware.
  • Pandora supplies documents for federal probe into mobile app data sharing
    Internet radio company Pandora Media has been asked for documents related to a federal grand jury probe into information sharing by smartphone applications that run on Apple and Android mobile platforms.
  • Jailbreak for iPhone, iPad 4.3.1 available
    Cellcos selling network locked iPhones and iPads have woken up this morning to news that the famous iPhone Dev Team have released an 'untethered' jailbreak for iOS 4.3.1, the latest version of the operating system for the iPhone, iPad and iPod Touch.
  • Android trojan gathers personal data, publicly ridicules downloaders
    Google Android users are being warned about a 'free' version of the popular Walk and Text app, a piece of software that allows users to view what is in front of them while they are texting.

Top 5 Stories

News

Apple and Android smartphones silently track their users

22 April 2011

Now there may be another reason than saving battery power to switch off the GPS option on your smartphone, as reports are coming in that Apple iPhone and Google Android handsets maintain unannounced logs on the time/location of the mobile.

According to the BBC, the iPhone GPS/time logging also affects iPad users, although it appears only to involve iPads which are GSM/mobile broadband-enabled, Infosecurity notes.

Two researchers – Alisdair Allan and Pete Warden – released the technical details of the GPS/time logging database details earlier this week, generating a storm of protest from outraged iPhone users.

Now the dust has settled on the issue, it seems that Apple may have engineered the logging feature within iOS 4.x to allow it to develop a WiFi access point service, especially since such monitoring is covered in the iPhone's terms of use that cellcos apply to users.

Despite this, users are upset by reports that the data is also transferred to the users' computer when an iTunes sync is carried out, as well as the fact that the data files are not encrypted.

The BBC quotes Graham Cluley, Sophos' senior technology consultant, as saying that it is unlikely that Apple planned to use the information for commercial purposes.

"I think there are some legitimate privacy concerns and people will probably look for a way of obscuring that data", he said, adding that it is an object lesson about reading the terms and conditions.

The GPS/time logging issue, meanwhile, is reportedly less in-depth on the Google platform, but an Android app capable of accessing and interpreting the data – held in cache.cell and cache.wifi files on mobile – has already been developed.

Unlike Apple, Google has been more forthcoming on the issue, claiming that the database allows the handset to discover its location a lot more easily than having to conduct a full scan each GPS scanning cycle, and so draining the battery.

John Gruber, a security researcher, said that the iPhone database is not actually GPS data, but is actually extrapolating the position from nearby cellular base stations.

"The database can't reveal where you were – only that you were in a certain vicinity. Sometimes it's miles and miles off. This implies that the logfile's purpose is to track the performance of the phone and the network, and not the movements of the user", he said in his security blog.

Gruber notes that users can encrypt the data if they tick the relevant box on iTunes, while "a third party couldn't get access to this file without physical access to your computer or your iPhone.

"Not unless you've jailbroken your iPhone and didn't bother resetting its remote-access password – or there's an unpatched exploit that would give a 'Random Person on the Internet' root access to your phone", he said.

This article is featured in:
Wireless and Mobile Security

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

Terms & Conditions |Privacy |Website Design|Reed Exhibitions. All rights reserved. Copyright © 2012