The Apple spyPhone (contd.)

It’s fascinating to see what happened overnight on this story. Firstly, lots of people began posting maps of where their iPhones had been, which is a clear demonstration of the First Law of Technology — which says that if something can be done then it will be done, irrespective of whether it makes sense or not. Personally I’ve always been baffled by how untroubled geeks are about revealing location data. I remember one dinner party of ours which was completely ruined when one guest, a friend who had been GPS-tracking his location for three years, was asked by another guest, the late, lamented Karen Spärck Jones, if he wasn’t bothered by the way this compromised his privacy. He replied in the negative because he had “nothing to hide”. There then followed two hours of vigorous argument which touched on, among other things, the naivete of geeks, the ease with which the punctiliousness of Dutch bureaucracy made it easy to round up Dutch Jews after the Germans invaded Holland in the Second World War, the uses to which location data might be put by unsavoury characters and governments, Karl Popper and the Open Society, etc. etc.

Michael Dales has a couple of interesting blog posts (here and here) about the iPhone data-gathering facility. And, like all geeks, he’s totally unsurprised by the whole affair.

It seems rather than worry geeks, most of us find the data amazing. I suspect that’s because most of us know that this data could be got otherhow anyway – all it really shows is where your phone has been, and the phone operators know that anyway – and I typically trust them a lot less than I trust Apple (not that I think Apple is angelic, it’s a shareholder owned company, but I generally have a more antagonistic relationship with phone companies than I do Apple). So the fact the data resides on my phone is handy – if I was worried about people tracking where my phone goes then I’d never turn it on.

Michael also sees positive angles to this.

If you have a Mac and want to see where your iPhone has been (and then, like most people, post it to the Internet :) then you can get the tool to do so here. What I think is potentially really exciting is what you can do with the data now that you have access to it, not just your phone company. Quentin has already had the idea that you could use it to geotag your photos, which would be awesome, but how about things like carbon calculators, trip reports, and so on?

This post attracted a useful comment from ScaredyCat which gets to the heart of the problem:

The brouhaha isn’t just about the data being stored, it’s about the data being stored unencrypted. I love data like any geek but you do have to wonder why the data is being collected in the first place.

Precisely. What the data-logging and storage facility means is that your iPhone is potentially a source of useful confidential information for people who would have no hope of obtaining that information legally from a mobile phone network.

This point is neatly encapsulated by Rory Cellan-Jones in his blog post:

This obviously has intriguing implications for anyone who possesses one of these devices. What, for instance, if you had told your wife that you were off on a business trip – when in fact you had slipped off to the slopes with some mates – and she then managed to track down your iPhone location file? (I should stress that this is an imaginary scenario).

For divorce lawyers, particularly in the United States, the first question when taking on a new client could be “does your spouse own an iPhone?” And law enforcement agencies will also be taking a great interest in the iPhones – or iPads – of anyone they are tracking.

The other interesting thing about the spyPhone story is that, according to Alex Levinson, it’s an old story. He says that

Back in 2010 when the iPad first came out, I did a research project at the Rochester Institute of Technology on Apple forensics. Professor Bill Stackpole of the Networking, Security, & Systems Administration Department was teaching a computer forensics course and pitched the idea of doing forensic analysis on my recently acquired iPad. We purchased a few utilities and began studying the various components of apple mobile devices. We discovered three things:

* Third Party Application data can contain usernames, passwords, and interpersonal communication data, usually in plain text.
* Apple configurations and logs contain lots of network and communication related data.
* Geolocational Artifacts were one of the single most important forensic vectors found on these devices.

After presenting that project to Professor Stackpole’s forensic class, I began work last summer with Sean Morrissey, managing director of Katana Forensics on it’s iOS Forensic Software utility, Lantern. While developing with Sean, I continued to work with Professor Stackpole an academic paper outlining our findings in the Apple Forensic field. This paper was accepted for publication into the Hawaii International Conference for System Sciences 44 and is now an IEEE Publication. I presented on it in January in Hawaii and during my presentation discussed consolidated.db and it’s contents with my audience – my paper was written prior to iOS 4 coming out, but my presentation was updated to include iOS 4 artifacts.

Thanks to David Smith for passing on the link to the Levinson post.