Yesterday Apple released iOS 4.3.3, which it claims resolves the much ballyhooed iPhone tracking bug. Considering the amount of uncertainty that has plagued this story since its inception, we put the patch to the test.
Using two AT&T iPhone 4 smartphones—conveniently white and black—we updated each to iOS 4.3.3. We enabled Location Services on one and disabled it on the other. We then went home to our respective boroughs (Manhattan and Queens) with the aim of seeing what we might find some 12 hours later. Here's what we found.
The iPhone Tracker
The first, easiest way to look at tracking data on your iPhone is by using Pete Warden's free iPhoneTracker app. The application is designed to access the file that is backed up to your computer upon synchronization and to plot data, in weekly nuggets, on a map. When we tested this a few weeks ago, the results were clear: while rogue location points peppered the map, for the most part, results appeared surprisingly accurate, showing that the iPhone tracked us to and from work and followed us on vacation. This time, however, there was nothing. Neither of the iPhones we tested showed any evidence of location data being collected and stored in the backup files. So far so good.
The Roll-Up-Your-Sleeves Approach
We decided to take our test a step further. The last time we looked at tracking data, we discovered that it is always stored in the same file—no matter the iPhone. On a PC, it can be found under Documents and Settings\Username\Application Data\Apple Computer\MobileSync\Backup. The file can be opened using the program SQLite Database Browser, which enables you to see all of the location data stored by the iPhone, including points of latitude and longitude for both cellular towers and wireless networks.
From here it is possible to export these data points to Excel and convert them into a Google Earth-friendly format using the program KMLCSV Converter. Once converted, you can plot all the data points using Google Earth to reveal a shockingly granular view of your travels. Forget weekly nuggets—we're talking minute-to-minute data. To get a sense of how closely the iPhone had been tracking, take a look at the slideshow: One slide shows wireless network location data from a 45-minute walk.
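The export-and-convert step described above can also be done in one pass. The following is an added example, not code from the article or from any of the tools it names; the table name, column names and the 2001-based timestamp epoch are assumptions to check against the schema of your own file, and the sample rows are constructed.

```python
import sqlite3
from datetime import datetime, timedelta, timezone
from xml.sax.saxutils import escape

# Assumption: Timestamp holds seconds since 2001-01-01 UTC (Apple's reference date).
APPLE_EPOCH = datetime(2001, 1, 1, tzinfo=timezone.utc)

def q(identifier):
    """Quote an SQL identifier (identifiers cannot be bound as parameters)."""
    return '"' + identifier.replace('"', '""') + '"'

def table_to_kml(conn, table, label_col):
    """Build a KML document with one timestamped placemark per usable row."""
    tables = {r[0] for r in conn.execute(
        "SELECT name FROM sqlite_master WHERE type='table'")}
    if table not in tables:
        raise ValueError(f"no such table: {table!r}")
    cols = {r[1] for r in conn.execute(f"PRAGMA table_info({q(table)})")}
    missing = {label_col, "Timestamp", "Latitude", "Longitude"} - cols
    if missing:
        raise ValueError(f"missing columns: {sorted(missing)}")
    placemarks = []
    query = (f"SELECT {q(label_col)}, Timestamp, Latitude, Longitude "
             f"FROM {q(table)} ORDER BY Timestamp")
    for label, ts, lat, lon in conn.execute(query):
        # Drop empty and impossible fixes so they do not pepper the map.
        if None in (ts, lat, lon) or (lat, lon) == (0, 0):
            continue
        if not (-90 <= lat <= 90 and -180 <= lon <= 180):
            continue
        when = (APPLE_EPOCH + timedelta(seconds=ts)).strftime("%Y-%m-%dT%H:%M:%SZ")
        placemarks.append(
            f"<Placemark><name>{escape(str(label))}</name>"
            f"<TimeStamp><when>{when}</when></TimeStamp>"
            # KML wants longitude first, then latitude, then altitude.
            f"<Point><coordinates>{lon},{lat},0</coordinates></Point></Placemark>")
    return ('<?xml version="1.0" encoding="UTF-8"?>\n'
            '<kml xmlns="http://www.opengis.net/kml/2.2"><Document>\n'
            + "\n".join(placemarks) + "\n</Document></kml>\n")

def sample_db():
    """Constructed in-memory database; names and values are made up."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE WifiLocation "
                 "(MAC TEXT, Timestamp REAL, Latitude REAL, Longitude REAL)")
    conn.executemany("INSERT INTO WifiLocation VALUES (?,?,?,?)", [
        ("00:11:22:33:44:55", 326000000.0, 40.7411, -73.9897),
        ("00:11:22:33:44:66", 326000060.0, 40.7420, -73.9880),
        ("00:11:22:33:44:77", 326000120.0, 0.0, 0.0),   # rogue point, skipped
    ])
    return conn
```

Writing the returned string to a `.kml` file gives something Google Earth can open directly, with the time slider driven by each point's timestamp.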
This time around, however, that same file contained almost no data whatsoever. Any data it did collect wasn't related to tracking. It is also interesting to note that the size of this file has shrunk 15-fold. Before the iOS 4.3.3 upgrade, the file weighed 380KB. Afterward: 24KB. Some other files in this folder have also changed in size considerably. We tried opening the five largest files in SQLite—as they were the best candidates for tracking data—but didn't find anything even remotely related. This leads us to conclude that location data is, as Apple claims, no longer being backed up to your computer.
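The manual check described above (open the largest files and look for anything location-related) can be scripted. This is an added example, not part of the original article: it finds SQLite files by their header, opens the largest ones read-only, and reports tables that have both a latitude and a longitude column. The column-name matching is an assumption, and the sample folder is constructed.

```python
import os
import sqlite3
from pathlib import Path

SQLITE_MAGIC = b"SQLite format 3\x00"   # first 16 bytes of every SQLite 3 file

def find_coordinate_tables(backup_dir, top_n=5):
    """Inspect the top_n largest SQLite files under backup_dir and return
    (file name, table, row count) for tables with latitude and longitude columns."""
    candidates = []
    for root, _dirs, files in os.walk(backup_dir):
        for name in files:
            path = Path(root, name)
            with open(path, "rb") as fh:
                if fh.read(16) == SQLITE_MAGIC:
                    candidates.append((path.stat().st_size, path))
    findings = []
    for _size, path in sorted(candidates, reverse=True)[:top_n]:
        # Open read-only so the backup being examined is never modified.
        conn = sqlite3.connect(path.resolve().as_uri() + "?mode=ro", uri=True)
        try:
            names = [r[0] for r in conn.execute(
                "SELECT name FROM sqlite_master WHERE type='table'")]
            for table in names:
                quoted = '"' + table.replace('"', '""') + '"'
                cols = [r[1].lower() for r in conn.execute(f"PRAGMA table_info({quoted})")]
                if any("latitude" in c for c in cols) and any("longitude" in c for c in cols):
                    rows = conn.execute(f"SELECT COUNT(*) FROM {quoted}").fetchone()[0]
                    findings.append((path.name, table, rows))
        except sqlite3.DatabaseError:
            pass  # encrypted or damaged database: skip it
        finally:
            conn.close()
    return findings

def build_sample_backup(folder):
    """Constructed stand-in for a backup folder; file and table names are made up."""
    for name, ddl, rows in [
        ("file_a", "CREATE TABLE points (Timestamp REAL, Latitude REAL, Longitude REAL)",
         [(326000000.0, 40.7411, -73.9897), (326000060.0, 40.7420, -73.9880)]),
        ("file_b", "CREATE TABLE notes (id INTEGER, body TEXT, created REAL)",
         [(1, "constructed", 326000000.0)]),
    ]:
        conn = sqlite3.connect(os.path.join(folder, name))
        conn.execute(ddl)
        conn.executemany("INSERT INTO " + ddl.split()[2] + " VALUES (?,?,?)", rows)
        conn.commit()
        conn.close()
    with open(os.path.join(folder, "file_c"), "wb") as fh:
        fh.write(b"not a database")
```

An empty result on a real backup folder matches what the manual inspection found; a table with coordinate columns but zero rows is also worth noting, since it shows a cache that exists but has been emptied.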
iOS Forensic Software
After we confirmed that iOS 4.3.3 had removed location-based information from iTunes backups, we wanted to know what location information continued to live on the iPhone. For this we turned to iOS forensics software. While there are several solutions competing in this space, we settled on Katana Forensics' Lantern Version 2.0 ($599-$699), which has earned a reputation for its capability, simplicity, and familiar iTunes-esque interface.
The process of extracting data using Lantern is stunningly simple. Because the software allows you to examine the phone directly, rather than its backup, we didn't need to worry about re-synchronizing with iTunes. We simply connected each phone, launched Lantern, and asked it to acquire as much data as possible from the connected device. For both phones, we retrieved information about the phone (device), calling history, SMS/MMS messages, Internet usage, voice memos, bookmarks, and a timeline of events. In the case of the iPhone with disabled Location Services—for which Wi-Fi was enabled—Lantern retrieved information about wireless networks to which it had connected, including the MAC addresses of the wireless routers. Very cool.
While Lantern did an outstanding job retrieving everything from voicemails to text messages from the devices, post-iOS 4.3.3, it found no location-based information on either phone, with or without Location Services enabled. This leads us to conclude that either iOS 4.3.3 has hidden, encrypted, or moved location-based information in such a way that it is invisible to even dedicated forensics software or, more likely, it is no longer tracking that information.
iOS 4.3.3 Kills Tracking
Apple claims that the iOS 4.3.3 update addresses three issues:
- It reduces the size of the cache
- It no longer backs the cache up to iTunes
- It deletes the cache entirely when Location Services is turned off
It's clear that the size of the cache is considerably reduced. There are, though, some other large files in the database folder that, as noted, raise questions. However, we are unable to find any location information in these files. It's also clear that location information is no longer being backed up to iTunes. We established this using Pete Warden's iPhone Tracker and the "roll-up-your-sleeves" manual approach. Finally, using the Lantern iOS forensics software, we looked directly at both iPhones—not the backups—and found no location-based information, irrespective of Location Services. Again, it's possible that Apple has disguised this information in some inventive way, but, if it is there, it's managed to elude $600 dedicated forensic software.
Thus, the iOS 4.3.3 patch addresses what it claims to address, and iOS users wary of tracking features can breathe a sigh of relief.


