Eye Spy

by Digicon

I'll start by saying this isn't really a hack, and that's because the location data isn't protected.  But as hackers, we're curious beings who love to explore.

This all started with an app I use on my Android phone called MobileChan.

To quote the website, "One part Foursquare and one part 4chan, MobileChan lets you view images and comments posted anonymously by people near you and submit your own posts for people nearby to read."

My problem is with the word anonymously.  Anonymity and GPS location data shouldn't go together, and the one thing this app does is tell you the distance between you and the other users of the image board.

After using this app for a while, I began to wonder how it works.  My rooted Android phone makes capturing network data possible.

Shark for Root is a network traffic sniffer that works on 3G and Wi-Fi, similar to tcpdump on the PC.  On a side note, this method can also be used to verify that apps work the way you intended them to.

After running Shark and plugging the phone into my computer, I retrieved the PCAP file produced by Shark for further examination.

NetworkMiner is an easy-to-use tool for Windows that reads the PCAP file and reassembles the packets to show the information collected in the network capture.

Under the Files tab in NetworkMiner, there is a list of all of the files found in the PCAP file.  The file ending in threads.D12345B2[1].html caught my eye; it contained many lines and this field: "location".

Here's a string from the file used when loading the app:

{
        "body": "Traffic SUCKS!", 
        "update_timestamp": 1307811161110, 
        "parent": null, 
        "thread_id": {"$oid": "4df1344aa063d6127a0002fd"}, 
        "timestamp": 1307653194979,
        "image_id": {"$oid": "4df1344aa063d6127b000304"}, 
        "location": [39.081208699999998, -77.501044100000001], 
        "_id": {"$oid": "4df1344aa063d6127a0002fe"}
}

And another string from the file that is used when entering the thread:

{
        "body": "Rush hour, enjoy it.", 
        "update_timestamp": 1307654665510,
        "parent": {"$oid": "4df1344aa063d6127a0002fe"}, 
        "image_id": null, 
        "timestamp": 1307654665510,
        "thread_id": {"$oid": "4df1344aa063d6127a0002fd"}, 
        "location":  [41.0034641633333331, -83.757851166666666], 
        "_id": {"$oid": "4df13a09a063d6127a0002ff"}
}

As you can see, "location": [39.081208699999998, -77.501044100000001] is the latitude and longitude from the GPS.
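An added example, not from the original article or from the MobileChan code: a developer-side check that walks a decoded API response looking for raw [lat, lon] pairs, plus a server-side redaction that returns only a coarse distance. The function names, the 5 km bucket and the viewer position are assumptions; the sample record is the first excerpt above, trimmed.

```python
import json
import math

# First record from the capture above, trimmed to the fields used here.
SAMPLE = json.loads("""
{"body": "Traffic SUCKS!", "parent": null,
 "thread_id": {"$oid": "4df1344aa063d6127a0002fd"},
 "location": [39.081208699999998, -77.501044100000001],
 "_id": {"$oid": "4df1344aa063d6127a0002fe"}}
""")


def find_coordinates(node, path="$"):
    """Yield (json_path, lat, lon) for each [lat, lon] float pair in decoded JSON."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from find_coordinates(value, f"{path}.{key}")
    elif isinstance(node, list):
        # Heuristic (assumption): two floats within valid lat/lon ranges.
        if (len(node) == 2 and all(isinstance(v, float) for v in node)
                and -90 <= node[0] <= 90 and -180 <= node[1] <= 180):
            yield (path, node[0], node[1])
        else:
            for i, value in enumerate(node):
                yield from find_coordinates(value, f"{path}[{i}]")


def haversine_km(a, b):
    """Great-circle distance in km between two [lat, lon] points."""
    lat1, lon1, lat2, lon2 = map(math.radians, (a[0], a[1], b[0], b[1]))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))


def redact_for_client(post, viewer_location, bucket_km=5):
    """Server side: drop raw coordinates, keep only a distance rounded up to a bucket."""
    out = {k: v for k, v in post.items() if k != "location"}
    km = haversine_km(post["location"], viewer_location)
    out["distance_km"] = int(math.ceil(km / bucket_km) * bucket_km)
    return out


if __name__ == "__main__":
    print(list(find_coordinates(SAMPLE)))             # raw pair found at $.location
    print(redact_for_client(SAMPLE, [41.0, -83.75]))  # constructed viewer position
```
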

You could turn the GPS off and not have your location revealed, but the app seems to use the location of the cell tower in that case.  Also, many Android phones ship with the GPS on by default, so the user would have to know to turn it off.

The thing is, many users of this app probably wouldn't post the things they do if they knew how trackable the whole process is.  Some of the content can get pretty racy to downright nasty and everything in between.  Now, this may or may not be a big deal to you, depending on how private you are.

I'm sure many app developers won't go to great lengths to protect user data.  A great many apps would leak user data to a simple packet sniffer.

Let's face it: today's smart phones are becoming more personal than the personal computer ever was.

So go and explore some apps.  The market is full of them.

MobileChan: www.mobilechan.com

AndroidChan: github.com/aaw/AndroidChan

Shark for Root: market.android.com/details?id=lv.n3o.shark

NetworkMiner: sourceforge.net/projects/networkminer

Rooting (Android OS): en.wikipedia.org/wiki/Rooting_(Android)
