Google Maps Location Data (gmm_sync.db)
Location
/data/data/com.google.android.apps.maps/databases/gmm_sync.db and gmm_storage.dbDescription
SQLite databases used by the Google Maps application to cache location-related data including searched addresses, navigation destinations, recently viewed places, saved locations, and local business search results. The gmm_storage.db file contains protobuf-encoded location data including latitude/longitude pairs with associated timestamps.
Forensic Value
Google Maps databases reveal location intent and travel planning that predates actual movement. Searched destinations demonstrate knowledge of or interest in specific locations. Navigation history with start and end points establishes travel routes and arrival times. Cached place details include addresses that were viewed but not necessarily visited, distinguishing between research and actual travel. The protobuf-encoded data requires specialized parsing but contains high-precision GPS coordinates with timestamps.
Tools Required
Collection Commands
adb
adb pull /data/data/com.google.android.apps.maps/databases/ /forensics/gmaps_dbs/
ALEAPP
python3 aleapp.py -t tar -i /path/to/extraction -o /forensics/output/
adb
adb shell dumpsys location > location_service_dump.txt
Collection Constraints
- •Availability depends on Android version, OEM build, encryption state, privilege level, and whether the collection was logical, rooted, or full-filesystem. OEM-specific builds may move or rename stores.
- •Mobile application data may be partially cached, excluded from backup, or pruned by the OS. Validate against the extraction type before treating gaps as meaningful.