Your smartphone knows everything about you, and it tells tales
In the sexy but increasingly scary world of smartphone forensics, insiders have a name for all the personal information purposely or unknowingly stored inside that iPhone or Android or Blackberry in your pocket. They call it your "digital fingerprints."
With the right tools and physical access to your smartphone, anyone can tap into the private details of your life: texts, photos, tweets, Facebook ramblings, doctor's appointments, favorite hiking trails, and maybe even what you had for dinner last night at that little French bistro on the corner.
"You can find out everything about someone from their smartphone," said Amber Schroader, owner of Paraben of Pleasant Grove, Utah, which makes forensic software for investigators and the general public. "You can see their YouTube videos, the websites they've surfed, their pictures. People are addicted to their cell phones, so this is the freshest and most valuable information available about someone."
While wireless companies and others have long been able to track the locations of phones remotely, it's unclear what other information they may be able to access remotely. But forensics investigators have long known that a treasure trove of biographical data can be gleaned when they have physical access to handheld devices. Even before discovery of the location tracking file that researchers this week disclosed had been found on the iPhone, investigators had been collecting data from the Apple smartphone.
"We've been analyzing iPhones since they came out," said Christopher Vance, a digital forensics specialist at Marshall University's Forensics Science Center, which works with state and local law enforcement agencies in West Virginia.
Data that Vance and his lab have helped harvest from iPhones include call logs, map search results from the device's Google Maps app, graphics stored in the browsers' cache, even logs of what's been typed into the iPhone's virtual keyboard.
"There's tons of great information on the iPhone," he said.
Not everyone's thrilled about how easy it is to get a smartphone to cough up its secrets. Apple has ignored repeated requests for comment on the tracking file, even as members of Congress have started asking questions of Apple about why it's tracking its phone users and what it's doing with the information. And privacy advocates warn that harvesting data from anyone's phone without their permission is another step down an already troubling path.
"These aren't smartphones - they are spy phones," said John M. Simpson, director of Consumer Watchdog's Privacy Project. "Consumers must have the right to control whether their data is gathered and how it is used.
"People don't realize the absolute gold mine of data about their life that exists inside their smartphone," he added. "There really needs to be an educational process started so that people will begin to understand that."
Privacy advocates say the disclosure of the iPhone tracking file highlights the need for new laws and regulations to govern the type and amount of information that mobile devices can collect. In addition to the iPhone tracking file, it has been revealed that Apple's iPhones and Google's Android phones regularly transmit location data back to those two companies.
"I see a slippery slope," said Sharon Goott Nissim, consumer privacy counsel at the Electronic Privacy Information Center, a consumer advocacy group. "Once the collection of data has been done already, it's harder to stop law enforcement from getting access to it. The way to stop this is to stop the collection in the first place."
For years now, investigators have had a much better idea than the phones' owners of what data they can legally harvest from consumers' phones. The iPhone's location-tracking file "has been flying under the radar for a while," said Sean Morrissey, CEO of Katana Forensics. "For forensics (investigators), that's a good thing. You don't want to tell the bad guy" that you can get this off their phone.
"We know most of data is going to go mobile," he said.
Forensics investigators have long been able to pull lists of contacts, call records and text messages from cellphones. But smartphones such as the iPhone have greatly increased the amount of data at their disposal. Part of that has to do with consumers' growing use of such devices and the growing number of applications available for them.
Schroader, whose firm offers a forensic mining tool for $199 called iRecovery, said while investigators have been able to explore the innards of cellphones for years, the growth in smartphone capacity has meant a sea change in the amount of personal data now easily retrievable.
"We've made these tools that support iPhone and Windows Mobile and Android for years, but it's the storage that's changed everything," she said. "Your old-school phone had a couple of megabytes of storage. Now we're at gigabytes, and eventually we'll be at terabytes. And when we're working with law enforcement, that translates into a lot more evidence, which makes us all very happy."
-Androids and iPhones: Both smartphones regularly transmit location data back to Google and Apple respectively.
-On iPhones: A tracking file stores the latitude and longitude of cellphone towers and Wi-Fi access points with which the phone has interacted. Experts may also harvest call logs, map search results from the device's Google Maps app and logs of what's been typed into the iPhone's virtual keyboard from the phone.
-All smartphones: "You can find out everything about someone from their smartphone. You can see their YouTube videos, the websites they've surfed, their pictures."
(c) 2011, San Jose Mercury News (San Jose, Calif.).
Distributed by McClatchy-Tribune Information Services.