Geolocation possibilities on the iPhone

Ever since the iPhone was announced, I thought it would be really cool if it had a GPS receiver, or at the very least was able to find your general location via cell phone tower triangulation (technically [trilateration](http://en.wikipedia.org/wiki/Trilateration)). The obvious benefits of such a system would include automatic positioning of Google Maps to your location, or geotagging of photos taken on the iPhone’s (surprisingly decent) camera. Unfortunately, no such feature was included in the iPhone.

Now that a decent set of developer tools has been put together by hackers, there is the possibility of adding something like this. A few other people, including the famed [geohot](http://iphonejtag.blogspot.com/2007/08/im-at-rit.html), have also expressed interest in such a project. This is a summary of my endeavor so far to add some sort of location finding tool to the iPhone.

### Cell Tower Triangulation / Trilateration ###

The basic idea behind cell tower [triangulation](http://en.wikipedia.org/wiki/Triangulation) and [trilateration](http://en.wikipedia.org/wiki/Trilateration) is to locate the phone’s position relative to the cell towers by using the angles and distances between them, respectively.

Triangulation on the phone is impractical since there’s no way to easily measure the angles between the phone and the cell towers.

Trilateration is *sort of* possible by using the signal strengths to estimate the distance to the cell towers. This is very inaccurate due to multipath interference from stationary and moving objects, variation in cell tower antennas and equipment, etc. However, it would be *good enough* to get an approximate location to be used in Google Maps or rough geotagging of photos, assuming you know where all the cell towers are and can get their identities and signal strengths from the phone. That’s where the problem is.
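The following added example (not code from the original post) converts signal strengths to distances and trilaterates, then shows how far the fix drifts when one tower transmits louder than the model assumes. The path-loss constants, tower coordinates and the 6 dB offset are all constructed assumptions.

```python
import math

# Assumed log-distance path-loss model; both constants are constructed.
P0_DBM = -60.0  # assumed Rx level 1 km from any tower
N_EXP = 3.0     # assumed path-loss exponent


def rx_level(d_km):
    """Rx level (dBm) the model predicts at d_km from a tower."""
    return P0_DBM - 10.0 * N_EXP * math.log10(d_km)


def distance_from_rx(rx_dbm):
    """Invert the model: estimated distance (km) for a measured Rx level."""
    return 10.0 ** ((P0_DBM - rx_dbm) / (10.0 * N_EXP))


def trilaterate(towers, dists):
    """Least-squares (x, y) in km from >= 3 tower positions and ranges."""
    (x1, y1), d1 = towers[0], dists[0]
    saa = sab = sbb = sac = sbc = 0.0
    for (xi, yi), di in zip(towers[1:], dists[1:]):
        # Subtracting circle 1 from circle i leaves a line a*x + b*y = c.
        a, b = 2 * (xi - x1), 2 * (yi - y1)
        c = (xi**2 + yi**2 - di**2) - (x1**2 + y1**2 - d1**2)
        saa, sab, sbb = saa + a * a, sab + a * b, sbb + b * b
        sac, sbc = sac + a * c, sbc + b * c
    det = saa * sbb - sab * sab
    if abs(det) < 1e-12:
        raise ValueError("towers are collinear; position is ambiguous")
    return ((sac * sbb - sab * sbc) / det, (saa * sbc - sab * sac) / det)


def locate(towers, rx_levels):
    return trilaterate(towers, [distance_from_rx(r) for r in rx_levels])


def error_km(est, true):
    return math.hypot(est[0] - true[0], est[1] - true[1])


# Constructed scenario: three towers on a local flat grid (km).
TOWERS = [(0.0, 0.0), (5.0, 0.0), (0.0, 5.0)]
TRUE_POS = (2.0, 1.0)
IDEAL = [rx_level(math.dist(TRUE_POS, t)) for t in TOWERS]
# Same readings, but tower 2 transmits 6 dB hotter than the model assumes.
BIASED = [IDEAL[0], IDEAL[1] + 6.0, IDEAL[2]]
```

With ideal readings the position is recovered exactly; the single 6 dB mismatch moves the estimate by roughly 0.6 km in this layout.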

### Issues with Trilateration ###

Cell tower locations are *supposed* to be public information, and the FCC does have a database called the [Antenna Structure Registration](http://wireless.fcc.gov/antenna/) (ASR)… BUT it’s missing many towers (it’s rumored to be about 25% complete), and the bigger problem is the networks aren’t required to provide the cell IDs along with the locations (and I doubt they would want to), so there’s no way to directly match a cell ID / signal strength from the phone to an actual physical location in the ASR database.

FCC ASR:
[http://wireless.fcc.gov/antenna/](http://wireless.fcc.gov/antenna/)
[http://wireless.fcc.gov/uls/](http://wireless.fcc.gov/uls/)

There are *supposedly* more complete databases, such as [towermaps.com](http://www.towermaps.com), but again I don’t think they have the cell tower IDs, and even worse they charge $500 per COUNTY. There’s also [cellreception.com](http://www.cellreception.com) but it apparently just repackages the ASR data. I’m sure there are others, but nothing I’ve come across is suitable. Let me know if you find something.

### Signal Strength Signatures ###

An alternative to triangulation and trilateration is to simply record a “fingerprint” of the cell tower signal strengths at every location you wish to be able to recognize. Then, when you want to find out where you are, simply take a reading of signal strengths, and compare them to the recorded fingerprints, picking the one that matches most closely.

The advantage of this is that you don’t need to know the exact locations of every cell tower, and it takes into account interference from buildings, land masses, etc. The obvious disadvantage is that you must map out every location where you want coverage. You must “cell-stumble”, the cellular equivalent of war driving.

A project that’s similar to this, but with Series 60 phones, exists at [GSMLoc.org](http://www.gsmloc.org) but they only have very limited data in a few scattered locations, and they appear to have pretty much abandoned the project.

### GPS ###

A built in GPS receiver in the iPhone would be the ideal solution, but of course this is out of the question at least until iPhone “2.0” (wink wink Apple).

Bluetooth GPS support for the iPhone would be awesome as well. It would require the Bluetooth serial port profile, which I would be surprised if the iPhone already has. iPhone uses the [BLUEmagic Bluetooth stack](http://www.oi-us.com/Uploads/File/Bluemagic_Brief.pdf) which is “modular”… it’s unlikely that Apple would pay for unnecessary modules or include them if they did. Maybe someone could port an existing open source Bluetooth stack to the iPhone ([Bluez](http://www.bluez.org/), perhaps? OS X probably isn’t similar enough to Linux for that to be easy). Worst case, we could use a laptop as the missing link (iPhone -> WiFi -> laptop <- serial/USB/bluetooth <- GPS) but that seems like a really poor solution. Maybe iPhone <- serial <- GPS?

### Moving Forward ###

The first thing that needs to be done is to figure out how to get the cell tower IDs, signal strength, etc. programmatically from the iPhone. Obviously this is possible since FieldTest.app is able to do it. I don't think it's as simple as sending AT commands directly to the baseband, since you can't do that unless CommCenter is disabled, which of course disables the phone features (obviously unacceptable in this case). Also, I have tried disabling CommCenter and sending "AT+CREG=2" then "AT+CREG", which should give signal strength, but wasn't getting anything useful back (perhaps because CommCenter was disabled and the phone wasn't connected to any cells?)

Once that's done, we could interface with GSMLoc.org but again, their coverage is extremely sparse, and I don't think their approach is the best (they don't store signal strengths, which would be good for fingerprinting). It would be a good first step though. The mapping of fields in FieldTest.app to the GSMLoc.org database fields is as follows:

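| FieldTest.app | GSMLoc.org | Notes |
| --- | --- | --- |
| # | Net #1 | |
| Network | Net #2 | |
| Location | LAC | |
| Cell id | CellId | Only the first entry appears to be valid, all others are “65535” |
| Station | | |
| Freq | | |
| Rx Level | | |
| C1 | | |
| C2 | | |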

The next step would be to do our own “cell stumbling”, but that would require interfacing the iPhone with a real GPS receiver… again, problematic. See above.

Once we’re able to get cell tower IDs and signal strength correlated to lat/lon coordinates we can either add to the GSMLoc.org database or start our own. GSMLoc’s database of coordinate/cell id pairs seems too simplistic for accurate fingerprinting or trilateration.

Joel De Gan wrote about [matching this data up with the FCC records](http://blog.peoplesdns.com/archives/34), but I’m not convinced that’s necessary. I think the fingerprinting approach would be better. Simply store the raw readings of cell tower ID and signal strength mapped to locations, and use a little AI to intelligently infer your unknown location from known cell IDs and signal strengths. This could take into account interference from buildings, mountains, etc, rather than trying to map out every single cell tower then perform the trilateration. Actual trilateration using signal strength would assume every tower has identical antennas and transmit power, and is uniform 360 degrees around.
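A minimal version of the fingerprinting approach described here and under “Signal Strength Signatures”, as an added example that is not code from the original post or from GSMLoc.org: it ranks stored readings by distance in signal space and averages the closest ones. The survey data, cell IDs, coordinates and the floor level for unheard cells are constructed assumptions.

```python
import math

FLOOR_DBM = -113.0  # assumed level for a cell that a reading did not hear

# Constructed survey: ((lat, lon), {cell_id: rx_level_dBm}) per stumbled spot.
SURVEY = [
    ((40.7410, -73.9897), {1001: -61, 1002: -85, 1003: -97}),
    ((40.7484, -73.9857), {1001: -74, 1002: -70, 1004: -92}),
    ((40.7580, -73.9855), {1002: -79, 1004: -66, 1005: -88}),
    ((40.7614, -73.9776), {1004: -72, 1005: -63}),
]


def signal_distance(a, b, floor=FLOOR_DBM):
    """Euclidean distance in dB over every cell seen in either reading."""
    cells = set(a) | set(b)
    return math.sqrt(sum((a.get(c, floor) - b.get(c, floor)) ** 2
                         for c in cells))


def locate(reading, survey=SURVEY, k=2):
    """Estimate (lat, lon) from the k closest fingerprints, or None."""
    # Only fingerprints sharing at least one cell ID are candidates;
    # a reading made of unknown cells cannot be placed at all.
    candidates = [(pos, fp) for pos, fp in survey if set(fp) & set(reading)]
    if not candidates:
        return None
    ranked = sorted((signal_distance(reading, fp), pos)
                    for pos, fp in candidates)[:k]
    if ranked[0][0] == 0:
        return ranked[0][1]  # exact match to a surveyed spot
    # Inverse-distance weighting: closer fingerprints pull harder.
    weights = [1.0 / d for d, _ in ranked]
    total = sum(weights)
    lat = sum(w * pos[0] for w, (_, pos) in zip(weights, ranked)) / total
    lon = sum(w * pos[1] for w, (_, pos) in zip(weights, ranked)) / total
    return (lat, lon)


# Constructed reading taken somewhere between the 2nd and 3rd survey spots.
SAMPLE = {1001: -90, 1002: -75, 1004: -78}

if __name__ == "__main__":
    print(locate(SAMPLE))
```

No tower coordinates appear anywhere in the data: the estimate comes entirely from previously stumbled readings, which is why coverage is limited to surveyed areas.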

Finally, we need massive armies of people willing to cell stumble across the country (or at least every major metropolitan area).

Once that’s all done, we can pretty much take over the world (or at least make Google Maps way cooler and tag photos with approximate lat/lon coordinates…)

### Another Option: WiFi ###

One more possibility would be to use the known locations of WiFi access points for geolocation. There are already free and open repositories of millions of WiFi access points: [wigle.net](http://www.wigle.net/) seems to be one of the largest.

The problem is that WiFi signals are much shorter range than cellular signals, thus the coverage of a single WiFi access point is much smaller than a single cell tower. Of course there are many more WiFi access points than cell towers (11 million registered on wigle.net), but this just means you need to wardrive along a much finer resolution “grid” (essentially at the individual street level) to get good coverage.

### Conclusion ###

There are plenty of obstacles to making a useful location service for cell phones, but I think it would be fun to try anyway. Even if we can’t cover the entire U.S., as long as there’s one person per major city willing to cell stumble for a weekend, I think you could get a pretty useful system.

If you’re interested in helping, email me at .

Update: it appears a company called Navizon has released [a product exactly like this](http://navizon.typepad.com/my_weblog/2007/09/a-version-of-na.html). Unfortunately it costs money, but supposedly the money goes to the users who upload new cell tower locations and WiFi access points. $20 for 1000 unique cell towers or 5000 unique WiFi access points doesn’t seem like a very good deal though.

Update 2: With the release of the iPhone 1.1.1 software updates all 3rd party applications are essentially locked out (for now). Navizon is offering a refund for customers who purchased their product.

So it’s on Apple to do this. If they partner with AT&T this would be trivial to implement, since of course AT&T knows where all their own cell towers are located.

Update 3: This exact functionality is now built into iPhone software version 1.1.3. Apple is using both cell tower data from Google, and WiFi access point data for approximating your current location.