A computer forensics expert says iOS data locations logs are neither new nor nefarious. A computer forensics expert says the iPhone location tracking revelation “misrepresents” Apple, isn’t a secret and that he published information about it months ago.Why is Your iPhone or iPad Spying on You?The claims are made in a long blog post by Alex Levinson, senior engineer for Katana Forensics, which develops Lantern, an iOS forensic analysis application. Levinson’s post is a response to a presentation this week by Alasdair Allan and Peter Wardman at the O’Reilly Where 2.0 conference.BACKGROUND: iPhones secretly stashing history of your location As reported yesterday, the two programmers presented details of an iOS 4.0 database file, usually unencrypted, created on the iPhone and then synced to a user’s Mac. This file contains thousands of time-stamped latitude and longitude pairings, apparently based on cell tower triangulation calculations. The data is a very detailed track of where the iPhone (or iPad or iPod Touch) has been. The programmers created an open source application, called iPhone Tracker, that plots the data on a map, so the user can see the track of the device’s locations.In his own blog post, Wardman notes and links to a comment by another forensics researcher that this “consolidated.db” file will be familiar to forensics researchers, that is, to people like Levinson. But it was clearly new to Allan and Wardman, who were startled at how much location data the file contained. Wardman even acknowledged another attempt in the fall of 2010, by a French writer, to popularize a wider awareness of this iPhone data file. Levinson argues that Apple is being “completely misrepresented” by the two men, and that the file is neither new nor secret. Levinson says he discovered and wrote about it in a research paper and book months ago.IOS UPDATE: Version 4.3.2 addresses FaceTime, 3G shortcomingsLevinson baldly asserts that “Apple is not collecting this data.” His disagreement with Allan and Wardman may be a matter of differing definitions. The two programmers assert the location data collection on the iOS device is “intentional,” which seems hard to deny given the fact that all agree there is a database file that stores a great deal of exactly this kind of data, and, as Allan and Wardman point out, the file is preserved across multiple backups.Levinson seems to define “intentional data collection” as “Apple pulls this information from your personal device over a network connection into its own servers.” He says there’s no evidence this is happening. Allan and Wardman say the same thing: no evidence.Levinson expands on why this data is being collected at all. “Built-In applications such as Maps and Camera use this geolocational data to operate,” he writes. “Apple provides an API for access to location awareness called Core Location.” He quotes from Apple’s description of this software library: “… You use the classes and protocols in this framework to configure and schedule the delivery of location and heading events. You can also use it to define geographic regions and monitor when the user crosses the boundaries of those regions.”Contrary to Allan and Wardman, Levinson says this file existed before iOS 4.0: it simply had a different name, and it was hard to access even for forensics specialists. What changed in version 4.0 was that Apple allowed programmers to do some limited multitasking in iOS. With iOS 4.0, Levinson says, “Apps now have to use Apple’s API to operate in the background. … Because of these new APIs and the sandbox design of 3rd party applications, Apple had to move access to this [location] data.”“Users still have to approve location access to any application and have the ability to instantly turn off location services to applications inside the Settings menu on their device,” he points out. But behind the scenes, the actual logging of the data continues, even though a given application may be barred from using it.Finally, Levinson lays out in very detailed fashion his own research in this area, starting in 2010. One fruit of the research is a paper, “Third Party Application Forensics on Apple Mobile Devices,” which Levinson co-authored and presented earlier in 2011. Among other things, it describes the consolidated.db file.Levinson also contributed to the book “iOS Forensic Analysis for iPhone, iPad and iPod Touch,” primarily authored by Sean Morrissey and published by Apress in December 2010. John Cox covers wireless networking and mobile computing for Network World.Twitter: http://twitter.com/johnwcoxnwwEmail: john_cox@nww.comBlog RSS feed: http://www.networkworld.com/community/blog/2989/feedRead more about anti-malware in Network World’s Anti-malware section. Related content news Is China waging a cyber war with Taiwan? Nation-state hacking groups based in China have sharply ramped up cyberattacks against Taiwan this year, according to multiple reports. By Gagandeep Kaur Dec 01, 2023 4 mins Cyberattacks Government Government news Apple patches info-stealing, zero day bugs in iPads and Macs The vulnerabilities that can allow the leaking of sensitive information and enable arbitrary code execution have had exploitations in the wild. By Shweta Sharma Dec 01, 2023 3 mins Zero-day vulnerability feature The CSO guide to top security conferences Tracking postponements, cancellations, and conferences gone virtual — CSO Online’s calendar of upcoming security conferences makes it easy to find the events that matter the most to you. By CSO Staff Dec 01, 2023 6 mins Technology Industry IT Skills Events news Conti-linked ransomware takes in $107 million in ransoms: Report A ransomware campaign linked to the ostensibly defunct Conti malware group has targeted mostly US businesses, in a costly series of attacks. By Jon Gold Nov 30, 2023 4 mins Ransomware Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe