Full Disclosure mailing list archives
Re: iPhone Geolocation storage
From: "Ivan ." <ivanhec () gmail com>
Date: Tue, 26 Apr 2011 20:12:02 +1000
Interesting write up, and apparently old news.... https://alexlevinson.wordpress.com/2011/04/21/3-major-issues-with-the-latest-iphone-tracking-discovery/ On Fri, Apr 22, 2011 at 1:59 PM, mark seiden <mis () seiden com> wrote:
yes, that's right. on one of the forensics lists someone pointed out that he started google maps for 6 seconds and ended up with 1253 locations in the cache, all with the same time stamp. those would be potential known locations in your neighborhood. much fuller disclosure in http://markey.house.gov/docs/applemarkeybarton7-12-10.pdf including that the some of the location data comes from.... google. it looks like everything gets anonymized, aggregated to 5 digit zipcodes, and max retention of 6 months, but don't talk much about what the device does except when it uploads data. the congressional disclosure, while it makes me feel better about location data, contains a few choice items like it's unclear how apple can keep app developers from retaining location data. which doesn't seem forbidden by apple, only by law. it's also unclear why they keep really old data in the cache on the phone. cache bloat results for little benefit. the android doesn't do time-based pruning either and has a similar location cache with the same data it. it appears to me that since the keying is by mac address or the tower id that there will only be one timestamped item for each of those. so if you go around the same neighborhood repeatedly, the same data will be in the cache. so not exactly tracking, just recency. but it would seem prudent to both specify and implement the briefest retention of the location data that was possible to perform the function expected by the user. On Apr 20, 2011, at 12:34 PM, Brandon Matthews wrote:I've been poring over my phone's data, and I'm not sure if the resolutionisjust very low, or if it's logging the locations of towers and not myphone.Ex: http://imgur.com/2m5tO I'm going to xref with FCC databases soon to try and find out. B (Not speaking for Cisco, only for myself and with nobody's approval) On 4/20/11 12:11 PM, "Michele Orru" <antisnatchor () gmail com> diddeclare:Already twitted today. Pretty scary btw. I hope there's not the equivalent for Android. antisnatchor------------------------------------------------------------------------Thor (Hammer of God) <mailto:thor () hammerofgod com> April 20, 2011 9:05 PM For those of you who have not seen this yet: http://radar.oreilly.com/2011/04/apple-location-tracking.html Description: Description: Description:cid:image001.png@01CBA43F.5B83F2A0/There's no reason to think "outside the box" / /if you don't think yourself into it. / ** *My newest book: "Thor's Microsoft Security Bible <http://www.amazon.com/Thors-Microsoft-Security-Bible-Infrastructures/dp/1597495727C:/Users/thor/Documents/Cakewalk>" * ** *Timothy Thor Mullen thor () hammerofgod com <mailto:thor () hammerofgod com>* *http://www.hammerofgod.com <http://www.hammerofgod.com/>* _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: iPhone Geolocation storage, (continued)
- Re: iPhone Geolocation storage Zach C. (Apr 20)
- Re: iPhone Geolocation storage Ivan . (Apr 20)
- Re: iPhone Geolocation storage Jeffrey Walton (Apr 20)
- Re: iPhone Geolocation storage Marcio B. Jr. (Apr 20)
- Re: iPhone Geolocation storage Zach C. (Apr 20)
- Re: iPhone Geolocation storage Marcio B. Jr. (Apr 20)
- Re: iPhone Geolocation storage Ivan . (Apr 20)
- Re: iPhone Geolocation storage Michael Holstein (Apr 21)
- Re: iPhone Geolocation storage mark seiden (Apr 21)
- Re: iPhone Geolocation storage Ivan . (Apr 26)
- Re: iPhone Geolocation storage Ivan . (Apr 26)
- Re: iPhone Geolocation storage nix (Apr 27)
- Re: iPhone Geolocation storage Ivan . (Apr 27)
- Re: iPhone Geolocation storage Ivan . (Apr 28)
- Re: iPhone Geolocation storage Christian Sciberras (Apr 28)
- Re: iPhone Geolocation storage Valdis . Kletnieks (Apr 29)
- Re: iPhone Geolocation storage Christian Sciberras (Apr 29)