(Previously: Apple is not “recording your moves”)
A lot of people have said that while the data from my backcountry bike trip is interesting, there is still a large security concern for people that live in cities. Since the urban density of “cell phone towers” (or more realistically, wireless network nodes) is much greater, couldn’t someone who stole your iPhone find you in a city much more easily?
From the data I’m seeing, no. I have been looking through the table of my data more thoroughly and what I’ve found is interesting. It doesn’t log one data point at a time - it will log a couple dozen data points all at once. For example, here is my data visualized on a graph, for the timestamp of April 3rd at 5:15:25.865 PM:
Ignore the lines that are drawn - the utility I used to convert the points to something readable by Google Earth adds them. All the points were added to the file with the exact same timestamp. What gets interesting is when you start looking at the data behind these points. Take a look at the following two screenshots:
Note the Horizontal Accuracy of the two points. This is a measure, in meters, of the confidence in that location - like when you load up maps and it shows a blue “halo” around your location indicating the area you may be in. The first point has an accuracy of 549 meters, the second 500 meters - and they are over 2000 meters from each other. Now, if these data points are supposed to be where you are, then their horizontal accuracies should all overlap on some point that reveals your actual location. But they don’t - which is why I believe they are locations of nearby cell sites, and the horizontal accuracy is a measure of how confident it is that the cell is there.
“But it’s still very revealing!” you must be thinking. After all, if it’s cell sites around you, you must be right in the middle of that circle. Fortunately for my privacy, no. At 5:15 PM on April 3rd I was in the bottom left of that circle, over a block away from the nearest dot on the map. I had just finished a 155 mile bike trip and was pretty happy to be sitting there, not moving.
A vast majority of the data in consolidated.db is in clumps like this. I grouped all the data by timestamp and found that 68% of the groups (and 96% of the points) were in clumps of more than 12 points.
Of the 40k valid entries in my CellLocation table, there were 106 entries with just a single timestamp. I looked at several of these, thinking I had perhaps found something that would give a close indication of my actual location. Still, no. One was at 1:30 AM, and it was 700 meters, or seven blocks, away from where I lay asleep, despite claiming an accuracy of 500 meters. Interestingly, this was in downtown Seattle, where there were tons of other cell nodes that it could have logged. Why did it pick just this one? Who knows.
Now there may be individual points in your consolidated.db file that happen to be the exact same as your location at the time. I’m sure there are some in mine. But that that is coincidental - the phone seems to be logging locations of nodes on the wireless cell network, and their presence in the file mean that you MAY have been near them. The Las Vegas mystery is still confounding me, but it only further proves the point that this data should not be relied on for any kind of forensic analysis.