Forensic Analysis of Third Party Location Applications in Android and iOS

TL;DR

This study investigates the forensic artifacts left by popular third-party location sharing apps on Android and iOS devices, assessing their potential for aiding investigations and discussing security concerns.

Contribution

It provides a comparative analysis of forensic artifacts in location apps on both platforms using industry-standard tools, highlighting security implications.

Findings

Locally stored location data can aid forensic investigations.

Significant artifacts are recoverable from both Android and iOS apps.

Security issues related to data storage and privacy are identified.

Abstract

Location sharing applications are becoming increasingly common. These applications allow users to share their own locations and view contacts' current locations on a map. Location applications are commonly used by friends and family members to view Global Positioning System (GPS) location of an individual, but valuable forensic evidence may exist in this data when stored locally on smartphones. This paper aims to discover forensic artifacts from two popular third-party location sharing applications on iOS and Android devices. Industry standard mobile forensic suites are utilized to discover if any locally stored data could be used to assist investigations reliant on knowing the past location of a suspect. Security issues raised regarding the artifacts found during our analysis is also discussed.