iPhones and 3G iPads running iOS 4 have been intentionally storing the user’s locations and time stamps without permission, two researchers have found.
According to researchers Alasdair Allan and Pete Warden, these 3G-enabled iOS devices store the user’s location data on a file called “consolidated.db.” This database contains latitude-longitude co-ordinates, along with a time stamp for each location.
The collection of data, which can hold tens of thousands of mostly accurate co-ordinate points, appears to have started with the release of iOS 4.
“Our best guess is that the location is determined by cell-tower triangulation, and the timing of the recording is erratic, with a widely varying frequency of updates that may be triggered by travelling between cells or activity on the phone itself,” said Allan in a blog post.
Allan points out that while mobile phone companies do have access to this data normally, they require a court order to get to it. With this discovery, not only is this unencrypted location data being gathered without the user’s permission, but it is apparently on any device to which a user has synced his or her iOS device.
However, Allan believes there is no immediate harm that would come from anyone accessing the data. Regardless, he feels people should ask why these devices are storing this data and how Apple intends to use it.
They recommend users encrypt their backups of their iOS device through iTunes, by clicking on ‘Options’ and then ‘Encrypt iPhone Backup.’
Both researchers also have released an app to let users see their own locations tracking data on their iPhones and 3G iPads.
