Many critics believed turning off your iOS device’s location services could disable Apple’s recently publicised cell tower and Wi-Fi access point location database installed on iPhones and 3G iPads.
But it turns out that your iOS device will keep on recording cell tower and Wi-Fi access points even if you turn off your device’s location-finding capabilities, according to The Wall Street Journal. The newspaper said independent privacy and security researcher Ashkan Soltani – who has worked with the Journal on several occasions – corroborated its findings.
The Journal says it restored an iPhone running the ‘latest version of iOS’ (presumably iOS 4.3.2) to factory settings and then ran it with location services turned on. The paper’s researchers then recorded the phone’s location data, presumably found in the now infamous consolidated.db file, and turned off the device’s location services. To do this you open your iOS device’s Settings app, select “Location Services” and then toggle the slider button to “Off.”
Despite turning off location data for several hours, the iPhone continued to record cell tower and Wi-Fi access point location information, the Journal says. The data recorded was the same as before, including time stamp information and location coordinates. As others have found, the location coordinates were not always accurate and were sometimes located several miles away from where the device actually was.
Put Down That Tin Foil (For Now)
It’s easy to get carried away with this information and assume the location data your device is collecting is in some way nefarious. But it turns out this may actually be a case of poorly designed software, as some have already suggested. Soltani, along with several others discussing the issue on Twitter, believe the file is just a poorly conceived and implemented cache of cell tower and Wi-Fi access point location data.
A recent personal blog post by Peter Batty, vice president of geospatial technology for location technology firm Ubisense, says your iPhone is not storing your location nor is it recording your location history. Instead, the consolidated.db file is recording cell towers and access points to “help locate you as you move.” Batty also emphasizes that this file does not record repeated visits to a particular area, only when your most recent visit occurred. “This data…cannot be used to determine where you live, or work, or go to school, or who your doctor is,” Batty writes.
Apple’s Not Off The Hook Yet
But keep in mind that while there is a prevailing view that Apple is not pulling data from your device’s consolidated.db file, the company is still getting cell tower and Wi-Fi access point location information from iOS devices. Apple uses this information to improve the location-based capabilities of iOS devices.
Apple already acknowledged, in a letter to Reps. Markey and Joe Barton (R-Texas) (PDF) in July 2010, that the company receives encrypted and anonymized cell tower and Wi-Fi access point information from some iOS devices using Apple’s location services feature. There are also reports that for at least a year law enforcement officials have been retrieving information from consolidated.db off the iOS devices of arrested suspects.
Apple has yet to comment on consolidated.db, but the company won’t be able to remain tight-lipped for much longer. U.S. Senator Al Franken and Rep. Edward J. Markey are both demanding answers from Apple in letters to company chief Steve Jobs. Markey, co-chair of the Congressional Privacy Caucus, took things a step further on Saturday by calling for a House inquiry into privacy practices of technology companies such as Apple and Google, according to The Hill.
But any such investigation would be ultimately meaningless without also investigating how cell phone carriers are treating similar data that they collect, and how easily these companies are handing over your mobile device’s location information to law enforcement officials.