“Find My iPhone” on OS 2.2.1, Apple Retaining Data?

It would appear that iPhones with MobileMe are already reporting their location to Apple, evening with iPhone OS 2.2.1 and even with the “Find My iPhone”switched of in the Setting panel.

This would be BIG news because it would mean that iPhone users, with MobileMe, can be geo-located by Apple and it’s employees, even with the setting turned to “off”.

Here are my findings.

June 17, 2009 was the big release date for iPhone OS 3.0. One of the features touted by Apple for this release was the “Find My iPhone” location feature, which would allow someone to located a lost iPhone, alert with sound and text anyone around the phone, and if necessary, remotely wipe the iPhone of all data.

Wednesday June 17, 2009 morning found me in the city of Murfreesboro, TN, away from my Office desktop on which I sync my iPhone. Eagerly anticipating the updated OS, I decided to time my return to my home in Crossville TN (some 100 miles east on Interstate 40) to co-inside with the noon CDT release of the update. At 12:30pm, I connected my iPhone 3G, and started the update.

Once the update had completed I did the normal rundown looking at all the new features, one of which was “Find My iPhone”. I logged into my MobileMe, clicked on the “Account” icon, and the “Find my iPhone” sub menu. I of course was told that I needed to “Turn on” the feature in my phone, and given some quick instructions on how to do this, which I followed. Almost immediately, I had access to the screen, which could show me where my phone should be located. While I expected to see a Google Map of my office, or even a wide area shot of my city. I instead was treated to this:


I had one of those moments were I realized that this is “big”. The image above shows my “location” as being near Tennessee Highway 840, which is a limited access state highway connecting Spring Hill TN on I65 to Lebenon, TN  on I40, and passing through Murfreesboro, TN on I24 on , effectively “Looping” around the extreem south east of Nashville. What distrubes me about this is that yes, I was indeed at that location at the time indecated, 10:25am CDT, HOWEVER this was almost 2 1/2 hour BEFORE I installed iPhone OS 3.0 and turned on the feature which supposedly allowed MobileMe to know my location! To me this suggests that my iPhone with OS 2.2.1 was transmitting my location to MobileMe. The time discrepancy between 10:35am, and when I “turned on” the service for access at 1:00pm could be explained by AT&T’s 3G coverage. On Tennessee Highway 840, I lose 3G coverage at about that point on the drive. My home and office in Crossville, TN is in an area not covered by AT&T 3G, we only have EDGE here. There is a very small patch of 3G on I40 in Lebenon, TN, but at 70 miles per hour I would have been in it less than 3 minutes on my drive home.

It would seem that while I was on 3G and my iPhone was syncing with MobileMe via that radio, my location was sent. I know my iPhone synced with MobileMe over edge later in my trip, because I used it to read my email while stopping in Cookeville, TN, some 50 miles east of the furthest eastern most AT&T 3G coverage.

The above image also shows that my “location” was being updated.

Below is a “Zoom out” of the map to give you a better ideal of perspective.

picture-2Here, the yellow exclimated triangle indicates that MobileMe was “unable” to locate my phone, and was still giving me the last known coordinates which was again at 10:25am near Murfreesboro, TN. It would appear that 3G is needed for best use of the location feature. Again, my physical location at the time of this test was in Crossville, TN, which is only serviced  by AT&T EDGE. This might explain the delay in locating my iPhone.

This has a couple disturbing propositions. First being that long before my iPhone was updated to OS 3.0, let alone set to allow tracking, my location was known to Apple. Oddly, this in itself does not bother me as much as the implication that the “switch” in the settings on the iPhone is nothing more than a permission setting for use of the MobileMe website to find my iPhone. All of the infrastructure, radios, gps, location services, and battery drain, are still being used regardless of the setting on the iPhone itself.

Second, there is the impression that the switch on the iPhone settings is for privacy, however a quick look at Apple support docs actually does not implicitly state that the switch on the iPhone for using “Find My iPhone” is for privacy. It does however state that you must have the switch on before “you” can use the feature on the site.

Third, sense it is obviously that my location was know to Apple even before I turned it “on”, are there published guidelines on when/where/how this data is used and who in Apple is authorized to see this data?

Several hours later, I checked back with MobileMe and the map had been updated with an approximation on my location.

picture-3This image is interesting because it is obvious NOT a GPS fix, but rather a report based on cell tower data. From 12:30pm till 5:00pm, I was located on the first floor of my office building in which I know no GPS singles are receivable.  Even without GPS, my iPhone did report my approximate location. Ironically, the center of the targets “crosshairs” is within 100 feet of my office, give or take.

I would like to know if anyone else has had a similar experience. I would also like to know if there has been any acknowledgement from Apple that they do indeed already have location data on a per-iPhone-MobileMe bases, and what (if anyway) are their guidelines for this data.

Addtional Testing:

It is my intent to try and replicate my findings. My wife also has an iPhone, which is still on OS 2.2.1. I will try to use her phone as a base line to repeat the conditions. Knowing what I am looking for I will document the event properly.

I am also going to try and document the capture of location data on “Find My iPhone” from an iPhone with the setting switch turned off. I think that by using 3G with the switch turned “off”, and syncing with MobileMe. My location should be transmitted to Apple. I will then shut down the iPhone and place it in a farad bag to ensure any and all signals are stopped (I would remove the battery but, you know..). I will then start the iPhone in “Airline Mode” and use only wifi to enable the “Find My iPhone” switch. In theory if my iPhone was transmitting my location in defiance of the “off” switch. The place were I had last synced MobileMe over 3G will on the MobileMe website. For good measure I will also test this with EDGE and wifi as the MobileMe conduits.

UPDATE: 12:00am June 18

Not content to leave well enough alone, I have undertaken some addtional testing, following the basic outline from above. I took my from one known location (Home) to another known location (Office) with “Find My iPhone” turned off.

While at Home, I could indeed access Find My iPhone, and when I turned the service off on my phone, I lost access to the data on the MobileMe website. With the service still turned off, I drove to my Office, where I performed several MobileMe and Google Maps tasks.  While at my Office, I put the iPhone into Flight Mode (all radios off), then shut the phone down, and hardened it to RF (i.e. encased it in foil so as not to allow any radio connection at all, which worked surprising well). With the iPhone off and masked, I drove back Home.

Once at Home, I was still unable to access Find My iPhone because of course, the setting was “off” on my phone. However, after starting the phone in Flight Mode, and then only turning on Wifi, I could access the setting to restore “Find My iPhone” and then went through a lengthily process of trying to get MobileMe to “see” the phone. After several minutes, and a “push” of the text message (with sound) to alert near by persons to a lost iPhone, MobileMe did at last “see” my phone and report it’s location. However the location it reported was not my Home, but at my Office, where I had performed my last MobileMe Sync with Cell and GPS turned on.

After Completely rebooting my iPhone, and turning on all radios and features, the MobileMe website did switch over and give the correct location.

I have created a Youtube Video where I documented the process.

At this point, I can reproduce my findings, however I have a twinge of doubt about where MobileMe is getting it’s data. My testing methodology could lead to two different concussions. 1.) My iPhone is indeed still transmitting location data even with the “Find My iPhone” switch turned off. or 2.) Location data is being cached on the iPhone itself, then sent via what ever means to MobileMe when the feature is re-enabled. If option 2 is the case, then this cashed location data is most differently surviving a reboot of the phone. Also, neither options 1 or 2 fully explain the nearly 2 hour delay in my first (accidental) test.

In either case however it is clear that the iPhone must me on and in contact with MobileMe before Find My iPhone will work from the end users prospective.

Upon further reflection, the thought of Apple retaining location data, while somewhat sinister, makes some sense. After all learning the “last known” location of an iPhone might be helpful if you lost your phone with 10% of your battery remaining. But for this to be the case, should not the “Find My iPhone” feature work even without a connection to the iPhone?

Further testing is in order.

UPDATE: June 19

Well, apparently Youtube’s “10 minute rule” is like an eddic from God. So I’m going to find some other way to publish my 9 Minute and 124 Second video. :)

Update: Jun 19 – 2

Test after test still yields the same result, now from 2 iphones, a 3g and a 3gs. When switched off, iPhones when switched back on report the location to Find My iPhone of where they were switched off at. The toggle for “Find My iPhone” on the handset has no bearing on the result.

Now that I have two iPhones up on MobileMe, and can report that my “Find My iPhone” area of the website has two maps, but the second map seems to always fail (presumably for the 3g), the first one (confirmed for the 3gs) works. When I log into the MobileMe account for that phone “Find My iPhone” works, but in in the “main account”. I would like to see if from the main account, I could watch all the iPhones on my MobileMe family plan. A dream if you happen to be a jealous husband (which thankfully I am not).

If you happen to be a vindictive husband, you could just drive your wife off the phone completely. I can report that constantly probing the iPhones location WILL deplete the battery at an accelerated an rate. I burned through the iPhone 3G S battery after only 3 hours of testing from a full battery. No indication was ever on the phone that I was probing it. The charge just dropped like a rock.

Update: June 19, – 3

Well I feel stupid.  I’ve tried doing some packet inspections with ethereal (wireshark), but it would seem that the data exchange with MobileMe is encrypted. Chalk one up for Apple, while I cann’t sniff the cell data, I can only presume that wifi MobileMe traffic is the same as Cell-data MobileMe.

First, it would appear that Apple does indeed go out and “poll” for phone. Moments after a request for location comes down from the MobileMe Website, the iPhone does respond with some manor of data. I can only assume this is location data, or at the very least permission to relaise what ever data is there.

Second, if the iPhone does send location data back in the first few exchanges, then the data is completely unverified. This means that the iPhone has to hold some manor location cache. This would mean that the packets coming down do not in themselves trigger a location check on the iPhone, but rather only request what ever information the iPhone has.

I can confirm that Find My iPhone fails more than it works, and the dependancy chain to get access to Find My iPhone is so long that it might very well be useless in real world applications.

Turning off “Location Services” in the Settings Menu seems to drive the system a little nuts. The MobileMe website will poll the iPhone for quite awhile, before returning any one of several errors.

Turning off the cell radio and communicating with the iPhone only by wifi will fail sometimes, but other times it will report back a location which was the last time the iPhone seemed to have syned over Cell rather than wifi. While there is the older aGPS system used by handsets to get a GPS fix with cell towers, the iPhone has a full blown GPS radio and electrics packages to intemperate the GPS data it receives. This could mean that the Find My iPhone is using aGPS rather than GPS to get a location. This might account for lack of pinpoint accuracy in Find My iPhone. When using google maps, or GeoCaching, if I walk 25 feet, the iPhone “knows” the difference between my house and the end of my driveway. Find My iPhone conversely never gets more than a general fix on my location, even with a 100% clear view of the sky.

In real terms, this means that if you left your iPhone in a standalone restaurant building, then you might stand a change of knowing where it was. If you left it in a bodega on the same block were you also went shopping, can had coffee, and saw a friend in his office, then you might still have a rat hunt on your hands. At least you can make it beep for two minutes.

Being on the phone also seem to register as a bad cell signal. So if your going to steal an iPhone, go head and run up the minuets calling to China. The longer you are on the phone the less chance they have of catching you.

I’m still back to the question of “constant reporting” or “cached location data”. It’s clear to me at this point that MobileMe does require the iPhone to be mostly working for the user to get at location data even if it is constantly reported to MobileMe. The “cached location data” theory also has one VERY big problem. If you did lose your phone, in a basement somewhere, MobileMe would tell you the last location it has full access, not the current one. This could lead users on a wide goose chaise if they happen to be frequent subway riders.

Submit a Comment

Wordpress Themes