Hacking CoreLocation on OS X for fun and profit

Valued Contributor III

... well maybe not so much profit.

CoreLocation is really cool. Nice easy way to get a reasonably accurate geolocation of iOS and OS X devices. I'm going to focus on OS X here.
CoreLocation can be a pain. It now insists that apps that request location data be signed and authorised by the user.

So the authorisation file for apps it turns out is located at /var/db/locationd/ on 10.9 machines and it's located in the clients.plist file. Aha! We can use defaults write for this. Ack! It's a bunch of arrays. Not nice.

Step One: Find the app you wish to sneakily authorise. You'll need to authorise it manually on a computer and grab the results. I'm using an app I've found called "whereami". You'll end up (after running defaults read on this file) with something like ...

"com.apple.locationd.executable-/Volumes/xxx/whereami" =     (
            Authorized = 1;
            BundleId = "com.apple.locationd.executable-/Volumes/xxx/whereami";
            Executable = "/Volumes/xxx/whereami";
            Hide = 0;
            Registered = "/Volumes/xxx/whereami";
            Whitelisted = 0;

Step Two: Translate what you've got into something you can put into a defaults write command. For the record, dealing with arrays with defaults is a pain. I eventually ended up with this:

defaults write /var/db/locationd/clients.plist com.apple.locationd.executable-/Volumes/xxx/whereami -array-add '{"Authorized" = "1"; "BundleId" = "com.apple.locationd.executable-/Volumes/xxx/whereami"; "Executable" = "/Volumes/xxx/whereami"; "Hide" = "0"; "Registered" = "/Volumes/xxx/whereami"; "Whitelisted" = "0";}'

Step Three: There is no step three!

You've basically authorised an app for CoreLocation without bugging the user to authorise it. I've specifically done this for some missing computer tracking stuff I'm working on. Saying that, if there's an easier way of doing this then I'd love to hear it!
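
The following audit sketch is an added example, not part of the original post or of any Apple or Jamf tooling: it reads a clients.plist and lists authorised entries an administrator may want to review. The review heuristics (a key using the `com.apple.locationd.executable-` path prefix, or no `Requirement` field) and the handling of both array and dictionary values are assumptions based on the two entries quoted in this thread.

```python
import plistlib

# Constructed sample mirroring the two entry shapes quoted in this thread.
SAMPLE = {
    "com.apple.locationd.executable-/Volumes/xxx/whereami": [{
        "Authorized": True,
        "BundleId": "com.apple.locationd.executable-/Volumes/xxx/whereami",
        "Executable": "/Volumes/xxx/whereami",
        "Registered": "/Volumes/xxx/whereami",
    }],
    "com.apple.Maps": {
        "Authorized": "1",
        "BundleId": "com.apple.Maps",
        "Executable": "/Applications/Maps.app/Contents/MacOS/Maps",
        "Requirement": 'identifier "com.apple.Maps" and anchor apple',
    },
}

PATH_PREFIX = "com.apple.locationd.executable-"  # prefix seen in the thread


def is_truthy(value):
    """Accept the forms 'defaults write' can produce: bool, int or string."""
    return str(value).strip().lower() in ("1", "true", "yes")


def audit_clients(plist_bytes):
    """Return [(key, executable, reasons)] for authorised entries to review."""
    findings = []
    for key, value in plistlib.loads(plist_bytes).items():
        # Assumption: a client value may be one dict or an array of dicts.
        entries = value if isinstance(value, list) else [value]
        for entry in entries:
            if not isinstance(entry, dict) or not is_truthy(entry.get("Authorized")):
                continue
            reasons = []
            if key.startswith(PATH_PREFIX):
                reasons.append("keyed by executable path, not a bundle identifier")
            if not entry.get("Requirement"):
                reasons.append("no code-signing Requirement recorded")
            if reasons:
                findings.append((key, entry.get("Executable", ""), reasons))
    return findings


if __name__ == "__main__":
    for key, exe, reasons in audit_clients(plistlib.dumps(SAMPLE)):
        print(f"REVIEW {key} ({exe}): {'; '.join(reasons)}")
```

On a managed Mac, pass the bytes of /var/db/locationd/clients.plist (read as root) to `audit_clients` in place of the constructed sample.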


Contributor III

Hey Franton,

I'm trying out the above for Apple Maps (to automatically allow it to use the user's location).

As this adds more info into the clients.plist, I've used the following command:

defaults write /var/db/locationd/clients.plist com.apple.Maps -array-add '{"Authorized" = "1"; "BundleId" = "com.apple.Maps"; "BundlePath" = "/Applications/Maps.app"; "Executable" = "/Applications/Maps.app/Contents/MacOS/Maps"; "Hide" = "0"; "Registered" = "/Applications/Maps.app/Contents/MacOS/Maps"; "Requirement" = "identifier "com.apple.Maps" and anchor apple"; "Whitelisted" = "0";}'

however, it doesn't seem to work. I've also tried a reboot and a logout but still no luck.

Any advice?



Valued Contributor III

Assuming you manually registered it on a computer to get that info, have you tried using that command to write to a temp file elsewhere and comparing your results with a known good clients.plist? There might be differences.

If it works, it works straight away.

New Contributor

Hey Franton,

I came across your article about implementing whereami and am currently trying to deploy this. I got most of the things in place, except whenever I run the program in a shell, a window prompt appears asking to deny or allow access to the location services. I have this authorized in /var/db/locationd/clients.plist but it still prompts.

I wonder how you managed to bypass this stage?

Valued Contributor III

I gave up on all this a couple years back because of legal reasons.

New Contributor

Ah ok... Thanks for that. It did cross my mind. But because the binary app doesn't report "exact" location, we are exploring this area.

But no worries. Thanks for replying though.

Contributor II

+1 for figuring this one out - especially in Sierra!