Researchers have discovered that the iPhone is keeping track of where you go and storing that information in a file that is stored - unencrypted and unprotected - on any machine with which you synchronize your phone. It is not clear why Apple is collecting this data.
Data scientists Alasdair Allan and Pete Warden came across the file - "consolidated.db" - while they were thinking about the potential trove of mobile data stored on a cellphone and thinking about ways to visualize this data. Allan and Warden will present their findings today at the Where 2.0 conference.
While it is not unusual for cellphones to track users' location, that information is typically kept behind a firewall and it requires a court order for others to be able to access it. This isn't the case with this particular file, raising serious questions about privacy and security.
Tracking Your Coordinates Since iOS4
The file contains longitude and latitude data, recording the phone's coordinates along with a timestamp. This recording process seems to have started with Apple's iOS 4 update, which means that there could be almost a year's worth of location data stored - literally hundreds of thousands of data points. While the coordinates aren't always precise, they are nonetheless incredibly detailed. It appears that the location is determined via cell-tower triangulation, but the timing of these recordings varies.
It isn't clear why the iPhone is tracking this data, although the possibilities for location-based features are endless - location-based advertising, geofencing apps, and so on. Although the iPhone data is stored on back-up files when the phone is synced to another computer, it doesn't appear that the data is transmitted to Apple. Nevertheless, the iPhone appears to be unique in this type of tracking, and according to Warden, other phones do not record user's location in the same way; the two researchers have not been able to find comparable tracking systems on Android phones.
Although Google's Latitude, for example, can track your location and lets you give that information to your contacts, it is something you need to opt in to. With the iPhone, you have no such option. There is no way to delete the file, as it will simply be restored, but you can encrypt your iPhone back-ups to make the information somewhat less accessible.
Your Location Data - Unencrypted, Visualized
And that is another crucial part of this problem: in addition to the existence of the tracking mechanism, the information is incredibly accessible. To demonstrate this, Warden and Allan have created a simple downloadable app that will let Apple users check to see what location information has been stored. The app is fascinating, but also pretty frightening as it demonstrates that anyone with access to your phone or to your back-up files will be able to see where you have been since you installed iOS 4 on your phone.
The Guardian cites Graham Cluley, a senior technology consultant at the security company Sophos as saying, "if the data isn't required for anything, then it shouldn't store the location. And it doesn't need to keep an archive on your machine of where you've been." But rather than ascribing it to any sort of malicious intent he said it's likely a "cockup rather than a conspiracy."
Conspiracy or not, it still doesn't reflect well on Apple's concern over its users' privacy. We have reached out to Apple for comment on this file but we have not heard back at the time of publishing.
Disclosure: Pete Warden is a contributor to ReadWriteWeb.