Apple to Release iOS 4.3.3 / iOS 4.4 to Fix Location Tracking Bug?
These days iPhone security researchers are talking about location-tracking log file found in current iOS 4 firmwares which stores the location of every iPhone user. This log file is then transferred to the computer once a user synchronizes his iPhone using iTunes. Researchers believe the information stored in the “consolidated.db” file could be accessed by anyone having physical access to your computer or iPhone and used for some harmful purposes.
The best piece of writing on this issue, which we found after being referred by many reliable sources, states:
A few reality checks, lest I inadvertently do a Glenn Beck number on all of you, here:
- This database isn’t storing GPS data. It’s just making a rough location fix based on nearby cell towers. The database can’t reveal where you were…only that you were in a certain vicinity. Sometimes it’s miles and miles off. This implies that the logfile’s purpose is to track the performance of the phone and the network, and not the movements of the user.
- A third party couldn’t get access to this file without physical access to your computer or your iPhone. Not unless you’ve jailbroken your iPhone and didn’t bother resetting its remote-access password…or there’s an unpatched exploit that would give Random Person On The Internet root access to your phone.
- It’s pretty much a non-issue if you’ve clicked the “Encrypt iPhone Backup” option in iTunes. Even with physical access to your desktop, a no-goodnik wouldn’t be able to access the logfile.
But still! What a nervous can of worms. This is an open, unlocked file in a known location in a standard database format that anybody can read. If someone has physical access to your Mac — or remote access to your user account — it’s a simple matter of copying a file and opening it. And while the logfile can’t tell someone that you were at a specific house, it can obviously tell your boss that you went to the Cape on the day you called in sick.
Apple is yet to comment on this issue. If it is a bug, Apple might release iOS 4.3.3 or iOS 4.4 containing a fix for this problem or they may leave it untouched until iOS 5 is ready to be released.
If you want to get an early fix, you can install “untrackerd” app from Cydia Store after jailbreaking your device. Untrackerd is free and it requires iOS 4.0 or higher version to install.
Continuously clean up locationd’s history data in the background.
This package installs a daemon (process that can run in the background) to clean the consolidated.db file