John Gruber of Daring Fireball commented on the controversial location tracking log Thursday. Though he cautioned that he doesn't have a "definitive answer" as to why Apple is storing users' location data in a database file, he has been told it is in fact an error.
"My little-birdie-informed understanding is that consolidated.db acts as a cache for location data, and that historical data should be getting culled but isn't, either due to a bug or, more likely, an oversight," Gruber wrote.
"I.e. someone wrote the code to cache location data but never wrote code to cull non-recent entries from the cache, so that a database that's meant to serve as a cache of your recent location data is instead a persistent log of your location history. I'd wager this gets fixed in the next iOS update."
Though the tracking file has existed since iOS 4 was released last year, and was even recognized before, the information gained traction on Wednesday when a pair of security researchers detailed the issue. They found that the iPhone and 3G-capable iPad are "regularly recording the position" of the devices and saving them in a hidden file.
The data in the consolidated.db file is backed up and restored through iTunes, and can even be transferred to a new device when syncing. Though the information is not shared with Apple or anyone else, the researchers view the file as a potential security threat, as anyone with access to the file could know where a person has traveled since owning an iOS 4-powered device.
Because data collection started with the release of iOS 4 last June, the file can be a comprehensive collection of locations with tens of thousands of data points stored. The location is believed to be determined through cell-tower triangulation, which is less accurate than GPS.
The researchers, Peter Warden and Alasdair Allan, have provided a free tool to the public that allows users to look at their own stored location data. Users are also advised to encrypt their iOS backups through iTunes to maximize security.
83 Comments
Oops, we accidentally created a very complex algorithm with very specific time stamped tracking data and concealed it in a hidden file on you iDevice...
It's only a bug because someone found it, otherwise, they woul've let it run.
Does anyone know whether this is true of the Verizon iPhone? I can't get the iPhone Tracker program to find consolidated.db.
Not sure this comment is correct. Earlier versions if iOS had h-cells.plist which contained similar information. The link below provides better information.
https://alexlevinson.wordpress.com/2...ing-discovery/
I just activated Google Latitude a couple weeks ago; and instead of waiting for it to store a long history of locations all while sipping my battery, I could be accessing the data that my iPhone has already been storing over the past 3 years - cool! PLEASE don't remove this in the next update Apple!