Peter Warden and Alasdair Allan revealed their findings on Wednesday, in which they discovered that both the iPhone and 3G iPad are "regularly recording the position" of the device and saving it in a hidden file. The data is restored from iTunes backups, and even carries over across device migrations.
The researchers have concluded that Apple's collection of the data is "intentional," and contacted the company's product security team in an effort to find out the company's reasoning. They did not receive a response.
"What makes this issue worse is that the file is unencrypted and unprotected, and it's on any machine you've synched with your iOS device," Allan wrote. "It can also be easily accessed on the device itself if it falls into the wrong hands. Anybody with access to this file knows where you've been over the last year, since iOS 4 was released."
Location data is stored in a file called "consolidated.db," which includes latitude and longitude coordinates and a timestamp. The researchers said that while the coordinates are not "always exact," they are "pretty detailed."
"There can be tens of thousands of data points in this file, and it appears the collection started with iOS 4, so there's typically about a year's worth of information at this point," Allan wrote. "Our best guess is that the location is determined by cell-tower triangulation, and the timing of the recording is erratic, with a widely varying frequency of updates that may be triggered by traveling between cells or activity on the phone itself."
The researchers have also made it clear there is no evidence to suggest that the data is being sent to anyone. They have provided a public tool that allows users to look at their own stored location data.
For now, users can encrypt their backups through iTunes. This can be accomplished by connecting an iPhone or 3G iPad to a Mac or PC, clicking on the device within iTunes, and then checking the "Encrypt iPhone Backup" setting in the "Options" area.
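To see which backups already on a computer are still unencrypted, the following added example (not from the article or the researchers' tool) reads each backup folder's Manifest.plist. It assumes the manifest carries an "IsEncrypted" boolean, and it runs against constructed sample folders rather than a real backup directory.

```python
import plistlib
import tempfile
from pathlib import Path

# Assumption: on a Mac, iTunes keeps one folder per device backup under
# ~/Library/Application Support/MobileSync/Backup, each with a Manifest.plist.


def audit_backups(backup_root):
    """Return {folder_name: status} for every backup folder under backup_root.

    status is "encrypted", "unencrypted", or "unknown" (manifest missing,
    unreadable, or lacking a boolean IsEncrypted key).
    """
    results = {}
    for entry in sorted(Path(backup_root).iterdir()):
        if not entry.is_dir():
            continue
        try:
            with (entry / "Manifest.plist").open("rb") as fh:
                data = plistlib.load(fh)
        except Exception:  # missing or malformed manifest: do not guess
            results[entry.name] = "unknown"
            continue
        flag = data.get("IsEncrypted") if isinstance(data, dict) else None
        if flag is True:
            results[entry.name] = "encrypted"
        elif flag is False:
            results[entry.name] = "unencrypted"
        else:
            results[entry.name] = "unknown"
    return results


def build_sample_root():
    """Constructed sample data: three fake backup folders in a temp dir."""
    root = Path(tempfile.mkdtemp(prefix="mobilesync-sample-"))
    samples = {"backup-a": {"IsEncrypted": True},
               "backup-b": {"IsEncrypted": False},
               "backup-c": None}  # folder with no manifest at all
    for name, manifest in samples.items():
        (root / name).mkdir()
        if manifest is not None:
            with (root / name / "Manifest.plist").open("wb") as fh:
                plistlib.dump(manifest, fh)
    return root


if __name__ == "__main__":
    for name, status in audit_backups(build_sample_root()).items():
        print(f"{name}: {status}")
```

Any folder reported as "unencrypted" was made before the setting was enabled and still holds a readable copy of the file until that backup is replaced or deleted.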
137 Comments
Security researchers have discovered that Apple's iOS 4 mobile operating system, found on both the iPhone and iPad, keeps a log of users' locations and saves the data to a hidden file on the device. ...
Cue the Android hate-fest/shit-storm in 3, 2, 1 ...
I can see why some people might not like this but it doesn't bother me. In fact it could be rather handy if one ever found themselves unjustly accused of a crime they didn't commit. Where were you on the night of the 22nd? I can't remember...let me consult my iPhone. Of course it would be rather trivial to hack the file in the case you were actually guilty. But whatever...
This is old news from 2010... Too bad the people that "found" this file couldn't find a link to Google to find this information had already been disclosed by Apple.
I can see why some people might not like this but it doesn't bother me. In fact it could be rather handy if one ever found themselves unjustly accused of a crime they didn't commit. Where were you on the night of the 22nd? I can't remember...let me consult my iPhone. Of course it would be rather trivial to hack the file in the case you were actually guilty. But whatever...
objection, circumstantial. the defendant could have left her phone at home while she was at the crime scene the night in question.
turning off location based services should turn off location based services, but this data comes from cell tower triangulation no matter what privacy you think you've set.
... turning off location based services should turn off location based services, but this data comes from cell tower triangulation no matter what privacy you think you've set.
There is no evidence yet that I'm aware of that this file is saved if you have turned off location services.
I see no evidence so far that this file contradicts *any* privacy settings you have on the device.