A security researcher has discovered that smartphones running Google’s Android operating system are tracking users’ locations and storing that data in files on the phone. This news comes only days after it became widely known that a similar file on Apple’s iPhone also logs a complete history of users’ travels by way of timestamped latitude and longitude coordinates. The iPhone tracking file was revealed by data scientists Alasdair Allan and Pete Warden at O’Reilly’s Where 2.0 conference in Santa Clara this week, raising serious enough privacy concerns to attract the attention of U.S. senators.
Android Snoops on You, Too
The recently discovered Android location files were found by Swedish programmer Magnus Eriksson, who created software called Android-locdump to search through Android-based devices’ caches. The software parses two files called cache.cell and cache.wifi located in the /data/data/com.google.android.location/files directory on Android phones.
These two files, cache.cell and cache.wifi, contain records of the last 50 cell towers the device has communicated with and the last 200 Wi-Fi networks the phone has discovered, respectively.
However, unlike the file found on the iPhone, this data is overwritten as the files become full. Accessing the file also requires full administrator privileges (aka, “root” access) to the device in question.
Research from another programmer, Samy Kamkar, purports that, “virtually all Android devices” send that location data back to Google. (These claims need to be investigated further, however.)
Why are Google and Apple Recording this Info?
Noted Apple insider John Gruber speculates that the file found on the iPhone is supposed to function like a cache, too – or, in other words, more like the files on Android do now. Its failure to do so may be either an oversight or bug:
“The big question, of course, is why Apple is storing this information. I don’t have a definitive answer, but the best at least somewhat-informed theory I’ve heard is that consolidated.db acts as a cache for location data, and that historical data should be getting culled but isn’t, either due to a bug or, more likely, an oversight. I.e. someone wrote the code to cache location data but never wrote code to cull non-recent entries from the cache, so that a database that’s meant to serve as a cache of your recent location data is instead a persistent log of your location history. I’d wager this gets fixed in the next iOS update.”
As the news spread around the Internet this week, another researcher, Alex Levinson, pointed out that knowledge of the iPhone location file was neither secret nor new. He had, in fact, published an academic paper on the matter last year, before the launch of iOS4, the current mobile operating system powering the iPhone. What’s more, the file has been used by law enforcement professional performing forensic analysis on iPhones for months.
In U.S. Senator Al Franken’s letter to Apple CEO Steve Jobs, he asks several questions, including “why does Apple collect and compile this location data?” and how precise is the data?
Now it seems Franken needs to send out a letter to Google as well.
What answers will these companies provide? Are our smartphones recording this data because location has become so central to the functionality of these devices? For example, is it necessary to cache these details so location-based services – services which allow us to get directions, view maps, find nearby stores or other points of interest – function? Or are these companies using location-based services as an excuse to do a little snooping on end users for their own purposes?
The question of what should be done now that we’re aware of this situation is another matter altogether. But at least we’ve started the conversation.
