You can also clone the project with Git by running:
$ git clone git://github.com/petewarden/iPhoneTracker
The file exists on PCs too, but we haven't written a version of the application that runs on Windows ourselves. If you do a web search, you'll now find versions that other people have created, but while we have no reason to believe they contain any malicious code, we haven't inspected and verified any of them ourselves. Since we can't vouch for them we don't feel capable of recommending one in particular.
If you run it on an OS X machine that you’ve been syncing with an iPhone or an iPad with cellular plan, it will scan through the backup files that are automatically made, looking for the hidden file containing your location. If it finds this file, it will then display the location history on the map.
It will be stored in a folder inside /Users/<your user name>/Library/Application Support/MobileSync/Backup/. Each time you sync up an iOS device (iPad, iPhone, etc) files will be copied into a new folder here. The names of the folders and the files within them are mostly random strings, but there are some index files like Info.plist and Manifest.mbdb. Find the folder that has the most recent backup by looking at the modified dates of the files. Then, load Info.plist into a text editor to see what device it's for. You should see a 'Device Name' value in the XML, make sure that it matches your iPhone.
The Manifest.mbdb and Manifest.mbdx files contain a listing of the real names of the files represented by random strings in that folder. Luckily, Alasdair found a Python script here that can convert those:
If you cd into the folder in the terminal, and run iphonels.py you'll see a listing of all the files with their real names. Now, pipe it through grep to find the file we want, eg:
~/Downloads/iphonels.py | grep "consolidated"
You should see something like this:
-rw-r--r-- 00000000 00000000 28082176 1297319654 1297319654 1282888290 (4096c9ec676f2847dc283405900e284a7c815836)RootDomain::Library/Caches/locationd/consolidated.db
That text in brackets just before 'RootDomain::' is the name of the actual file on disk that holds the location data. Since it's an SQLite database file, you can use any standard SQLite browser, I'm using this Firefox plugin:
Update - Matt Hall suggested an easier way of locating the file, by running `grep CellLocation *` from the Backup folder
Open up the file, choose the 'CellLocation' table, and you can browse the tens of thousands of points that it has collected. The most interesting data is the latitude, longitude location and the timestamp. The timestamp shows the time in seconds since January 1st 2001.
Update - Here's a guide to manually loading the file on Windows - http://andykn.blogspot.com/2011/04/iphone-tracker.html
No. All the data stays on your machine. The code behind it has been open-sourced so you can inspect the code and compile it yourself if you’re a developer.
This database of your locations is stored on your iPhone as well as in any of the automatic backups that are made when you sync it with iTunes. One thing that will help is choosing encrypted backups, since that will prevent other users or programs on your machine from viewing the data, but there will still be a copy on your device.
It’s unclear. One guess might be that they have new features in mind that require a history of your location, but that’s pure speculation. The fact that it's transferred across devices when you restore or migrate is evidence the data-gathering isn't accidental.
There’s no evidence that it’s being transmitted beyond your device and any machines you sync it with.
The most immediate problem is that this data is stored in an easily-readable form on your machine. Any other program you run or user with access to your machine can look through it.
The more fundamental problem is that Apple are collecting this information at all. Cell-phone providers collect similar data almost inevitably as part of their operations, but it’s kept behind their firewall. It normally requires a court order to gain access to it, whereas this is available to anyone who can get their hands on your phone or computer.
By passively logging your location without your permission, Apple have made it possible for anyone from a jealous spouse to a private investigator to get a detailed picture of your movements.
We did hesitate over the right thing to do in this case, but when it became clear that "Individuals familiar with iPhone forensic analysis will be quite familiar" with it, as Ryan Neal puts it and that at least one other person had tried to alert the public but apparently failed to make it clear what was going on, a demonstration application seemed the lesser evil.
To make it less useful for snoops, the spatial and temporal accuracy of the data has been artificially reduced. You can only animate week-by-week even though the data is timed to the second, and if you zoom in you’ll see the points are constrained to a grid, so your exact location is not revealed. The underlying database has no such constraints, unfortunately.
As far as we can tell, the location is determined by triangulating against the nearest cell-phone towers. This isn’t as accurate as GPS, but presumably takes less power. In some cases it can get very confused and temporarily think you’re several miles from your actual location, but these tend to be intermittent glitches.
We’ve been collaborating on several location data visualization projects, for example this map of radiation levels in Japan: http://www.guardian.co.uk/science/blog/2011/mar/24/fukushima-radiation-levels
We’d been discussing doing a visualization of mobile data, and while he was researching into what was available, Alasdair discovered this file. At first we weren’t sure how much data was there, but after we dug further and visualized the extracted data, it became clear that there was a scary amount of detail on our movements. It also became obvious that at least some other people knew about it, but it wasn't being publicized.
Pete worked for Apple for five years, and left three years ago on good terms. He had no contact with anything iPhone related, (he worked on desktop visualization software) and received no help or information from inside the company while researching this problem. We’re both big fans of Apple’s products, and take no pleasure in uncovering this issue.
The visualization is implemented as a view onto a local web page using the OpenHeatMap jQuery plugin. This means that the following resources are pulled from the web:
OpenStreetMap background tiles
The jQuery main script file hosted on Google
The OpenHeatMap script and CSS files
All of these are just static files that are downloaded from the web, and none of your data ever leaves your machine. We do still recommend inspecting the source code if you're a developer, or even just relying on the directions that allow you to inspect the data using standard database tools.
There's no user interface to choose different devices, it just picks the most recently synced iPad or iPhone with valid data. This means you can usually view a particular device's information by syncing it, so that it's files are the newest, and then re-running the application.
Basically the smallest orange circles represent one or two points near a location, and the large dark-blue circles are for dozens of points near the same place. We're counting how many points fall within a 1/100th of a degree square.