Government officials voice concern to Apple over location tracking
Security researchers sounded an alarm earlier this week over a database file in iOS 4 regularly logs the location of both the iPhone and 3G iPad. According to the researchers, the current version of the log began with the launch of iOS 4 last year, resulting in as many as "tens of thousands of data points" collected over the past year.
"What makes this issue worse is that the file is unencrypted and unprotected, and it's on any machine you've synched with your iOS device," wrote one researcher. "It can also be easily accessed on the device itself if it falls into the wrong hands. Anybody with access to this file knows where you've been over the last year, since iOS 4 was released."
The researchers did note, however, that they had yet to find evidence that the location data had been sent to anyone.
Senator Franken sent an open letter to Jobs on Tuesday, noting that the stored location information "raises serious privacy concerns."
"I read with concern a recent report by security researchers that Apple's iOS 4 operating system is secretly compiling its customers' location data in a file stored on iPhones, 3G iPads, and every computer that users used to "sync" their devices," Franken wrote.
Franken found the fact that the file is stored in an "unencrypted format" to be "even more worrisome."
"Anyone who finds a lost or stolen iPhone or iPad or who has access to any computer used to sync one of these devices could easily download and map out a customer's precise movements for months at a time," he continued. "It is entirely conceivable that malicious persons may create viruses to access this data from customers' iPhones, iPads, and desktop and laptop computers."
iPhone location data plotted | Source: O'Reilly Radar
Franken took particular issue with the possibility that underage users could be at risk, citing an analytics report that found 13 percent of iPhone users to be under the age of 18.
The senator concluded his letter with a series of questions for Apple. "Why does apple collect and compile this location data? Why did Apple choose to initiate tracking this data in its iOS 4 operating system?"
Rep. Markey's letter closely resembles Franken's and includes a list of questions that Apple is to respond to by May 12. "I am concerned about this report and the consequences of this feature for individuals' privacy," he wrote.
According to The New York Times, the Italian Data Protection Authority has opened an investigation into Apple's data collection. CNIL, the French data protection authority, is currently in the process of verifying the location tracking practice and may also initiate an investigation.
However, recent findings from security researchers would appear to dispute that fact, since the database they discovered had location records that dated back almost a year.
The location file is nothing new, according to researcher Alex Levinson, who claims to have discovered the log months ago. Prior to iOS 4, the location data was stored in a /root/Library/caches/locationd folder, Levinson said.
John Gruber of Daring Fireball noted on Thursday that the tracking log appears to be an error. "My little-birdie-informed understanding is that consolidated.db acts as a cache for location data, and that historical data should be getting culled but isn't, either due to a bug or, more likely, an oversight," Gruber wrote.