There’s been a bit of a to-do about the recently discovered geolocation data stored in iPhone backups. An expected percentage of people start screaming about privacy concerns, how Apple is turning into big brother, how that data can be used to rob your house, etc.
Looking at the data from my iPhone, it looks very much like this is QOS (Quality of Service) data — nothing more. The location of each point collected indicates that the phone is storing geolocation data not for itself, but for each GSM tower that it hears.
For example, one day, I drove from my home in the southeast Denver metro area up to Longmont. It was a three hour trip up I-25, into Longmont to a warehouse, then down US-287 to home. I did the trip on March 2.
Here’s a screen shot of that area, along with the date stamp for reference:
|Click to enlarge
If we were to interpret the geoloc data in a very paranoid manner, this data would indicate that I drove on several hundred different roads on that day and crisscrossed many cities just to drive to a warehouse in Longmont.
However, I can say that in all the years I’ve lived in this area, I’ve never been to the huge majority of the points collected by my phone.
So how can we interpret this data?
This looks very much like Quality of Service (QOS) data. It appears very much to be storing the known location of cell towers along with signal strength information. The points collected are spaced at regular intervals. There’s also what looks like a signal strength or maybe an SNR ratio. You see, a tower’s location doesn’t change. Each tower also has its own identification. Listen to the signal strength from any given tower and you have some very useful information that can be later reported back to the various carriers for troubleshooting reports of dropped calls, no signals, etc.
Edit: This first interpretation was incorrect. Turns out that it was closer to the second interpretation. This information is not the location of the device itself, but a cache of locations from nearby wi-fi hot spots and cellular towers that are used by your device to determine its own location. More info is here.
An alternate interpretation may be that this is very roughly estimated positioning information based on triangulation from multiple cell towers — perhaps used for E911 triangulation. This data is absolutely not GPS information as GPS itself is far more accurate than the data collected.
Perhaps, a combination of the two: triangulation from known cell towers to estimate general QOS.
To this engineer, there is, as yet, no evidence in this data that suggests that anyone is doing anything nefarious nor that the data could be used to track somebody’s location back to their home to commit any number of crimes.
The biggest threats to your safety and privacy aren’t your phone storing the location of cell towers that it once heard.
The greatest threats to one’s privacy and safety in this age are, in fact, from oneself: posting of status updates on Facebook or Twitter about that trip you’re taking to Disney World next week, or that you’ve checked in to some coffee house on the other side of the state. That kind of information could easily be exploited by others.
For what it’s worth, the location data captured by my phone in this particular file don’t show any actual data points within any useful distance of my home. I would encourage, therefore, refraining from judgement until you have all of the evidence. Let’s wait and see what Apple has to say about the matter.