Like many of you I’ve been tracking all the “hub bub” about Pete Warden and Allisdair Allen’s iPhone location exploit.  There has been not only sensationalist media hype, but also claims of this being old news.  Having been a victim of media hype and not particularly having any privacy concerns around my iPhone – I liberated my iPhone location data (ok Justin actually did it) and uploaded it to GeoCommons.  Seeing my tracks was pretty cool, but you can do that with Pete and Allisdairs clever package out of the box.

I wanted to investigate how much of my privacy was actually revealed by the data.  My conclusion – not much.  I think we all inherently understand how much the media sensationalizes stories, but I thought it would be useful to document how much privacy this data actually reveals.  Let’s start with a map of all my locations:

This shows my general travel patters – live in Washington DC and I travel to California, Colorado and New York and good amount.  No big surprises there, although it is a bit tough to tell what places I was at most often from the piles of points on top of each other.  So, I ran a quick aggregation to US counties and generated this map.

Now I can see the counts by counties for the places my iPhone has traveled.  This allows me to quantity my frequency to different location, and has the added benefit of obscuring the exact locations I went.  Living in the DC metro area I wanted to get more detail of my patterns locally so I aggregated the data to zipcodes and generated this map:

This gave my a better local context, but also showed something odd.  The zip code where I apparently spend the most time is 22202 in south Arlington where I rarely go unless I’m flying out of DCA.  This was curious, so I went a level deeper and aggregated the data to Census block groups and generated this map:

The map does confirm that DCA airport is the area that had the highest number of locations stored by my iPhone, but the really weird part is where I live and work did not show up as an active location.  This was further reinforced when I went back the point data as seen in the map below:

There are no points closely associated with my house or my place of work.  Adding to the oddness the iPhone “location data” places me in locations I’ve never been.

This may surprise some of you but I’ve never actually been inside the Pentagon.  Why the stark deviation from places I know I’ve been with my iPhone very frequently and places I’ve never been with my iPhone?  The answer lies in the fact the iPhone is storing cell phone tower triangulations not GPS coordinates.  Others have said this previously although some have erroneously said the data is just showing the location of cell phone towers.  To demonstrate this I added FCC cell tower locations to my iPhone location log data.

Last fall I went surfing in Santa Cruz, but I did not take my iPhone with me in my wetsuit ;-)  So, how do we get a location for me out in the Pacific Ocean below:

When we add the cell tower locations and draw a simple triangle the odd locations begin to make a bit more sense.  Although I’m not sure why airports create such a massive amount of location logging by the iPhone.  When I went back to my county aggregation map and added airports the correlation was exceedingly high.  Maybe it is the density of phones and the amount of movement causing frequent cell tower hands offs for signal, and those all get logged by the phone? This would also explain why I’m not getting lots of activity near my home. The phone is logging when I switch between two cell coverage areas only.  There are probably not a lot of hand offs between my work and home since they are quite close to each other. Not sure but would love to hear some theories.

Not surprisingly the amount of private information you’ll learn of me from this post is pretty scant.  More than likely you would infer a lot of very inaccurate things about me, none of which include where I live or where I work.  You’ll learn a whole lot more interrogating my Twitter or Foursquare feed.  In many ways this is the only salient point - I gave permission to Twitter and Foursquare to track my location but not knowingly to Apple.  I say knowingly because who the hell knows what is in the 55 page ToS I have to agree to every time I download a new iPhone app.  My conclusion there is not much to fear from a privacy perspective but it certainly makes me trust Apple less and less.


8 Responses to Liberating My Data from the iPhone

  1. [...] Liberating My Data from the iPhone – GeoIQ [...]

  2. [...] Sean Gorman and my crony Peter Batty have finished some considerable work digging into a sum of a plcae data. Their end is that it’s tough to mark locations where you spend a lot of time in a same place, like your residence or place of work. It’s roughly as if re-visiting a same mark overwrites a lot of a comparison information for that place, that would fit with a lot of what we’ve seen. They also try to quantify a correctness of a location, indicating out how many outliers appear. [...]

  3. [...]  Remember, the recorded locations may not be exact. Here’s a nice description from GeoIQ of how inconsistent they can be, and [...]

  4. Nelson Minar says:

    Nice maps! May I ask: what’s the terrain basemap you used for the top US map? It’s pretty!

    I did my own custom map of my locations. The data in CellLocations has to be some sort of cache of geo-lookups; the primary key in the database is essentially a cell tower ID. What’s weird is there are way too many of those to simply be cell towers themselves.

  5. [...] Sean Gorman and my friend Peter Batty have done some impressive work digging into the details of the location data. Their conclusion is that it’s hard to spot locations where you spend a lot of time in the same place, like your house or place of work. It’s almost as if re-visiting the same spot overwrites a lot of the older data for that place, which would fit with a lot of what we’ve seen. They also try to quantify the accuracy of the location, pointing out how many outliers appear. [...]

  6. Tor Lillqvist says:

    Did you consider that the cell “tower” identifying columns (MCC, MNC, LAC, CI) in the CellLocation table form a primary key, i.e. each cell tower (well, each cell in a specific carrier’s specific network) can occur only once in the table. (Whether it’s the first or last time it was “seen” I have no idea.) This of course makes the claims of it “tracking your moves” even more silly.

  7. [...] geoIQ / J'ai libéré les données de localisation de mon iPhone On parle beaucoup sur Internet et dans les médias depuis quelques jours de ce fichier non crypté et stocké sur les iPhones et les serveurs d'Apple découvert par des chercheurs américains et permettant de suivre l'ensemble des données de géolocalisation des utilisateurs de l'iOS4. Cet article est une étude de cas d'un bloggeur qui a décidé de soumettre ses propres déplacements à l'épreuve des données de localisation contenues dans son téléphone. Les résultats de cette étude sont pour lui particulièrement peu fiables dés lors qu'elles ne reposent que sur des triangulations entre différentes antennes relais ou bornes wifi et à cet égard, les données de localisation qui nous produisons volontairement (via Twittter, Facebook ou Foursquare) sont beaucoup plus précises. Reste que l'auteur conclut que cette affaire plus médiatique qu'autre chose, installe un fort climat de défiance vis-à-vis d'Apple mais aussi des smartphones en général et des services de géolocation. (Laurence Allard)  (tags: privacy iphone) [...]