Researchers have discovered that the iPhone is keeping track of where you go and storing that information in a file that is stored – unencrypted and unprotected – onto any machine with which you synchronize your phone. It is not clear why Apple is collecting this data.
The discovery of a file called “consolidated.db” was made by data scientists Alasdair Allan and Pete Warden, who were initially looking at mobile data and thinking about ways to visualize it. They’ll present their findings today at the Where 2.0 conference.
While it is not unusual for cellphones to track users’ location, that information is typically kept behind a firewall and it requires a court order for others to be able to access it. This isn’t the case with this particular file, raising serious questions about privacy and security.
Tracking Your Coordinates Since iOS4
The file contains longitude and latitude data, recording the phone’s coordinates, along with a timestamp. This recording process seems to have started with Apple’s iOS 4 update, which means that there could be almost a year’s worth of location data stored – literally hundreds of thousands of data points. While the coordinates aren’t always exactly correct, they are incredibly detailed. It appears that the location is determined via cell-tower triangulation, but the timing of these recordings varies.
It isn’t clear why Apple is tracking this data, although the possibilities for location-based features are endless – location-based advertising, geofencing apps, and so on. Although the iPhone data is stored on back-up files when the phone is synced to another computer, it doesn’t appear that the data is transmitted to Apple. Nevertheless, Apple appears to be unique in this type of tracking, and according to Warden other phones do not record user’s location in the same way, and the two researchers have not been able to find comparable tracking systems on Android phones.
Although Google’s Latitude, for example, can track your location and let you give that information out to your contacts, it is something you need to opt in to. With the iPhone, you have no such option. There is no way to delete the file, as it will simply be restored, but you can encrypt your iPhone back-ups to make the information somewhat less accessible.)
Your Location Data – Unencrypted, Visualized
And that is another crucial part of this problem: in addition to simply the existence of the tracking mechanism, the information is incredibly accessible. To demonstrate this, Warden and Allan have created a simple downloadable app that will let Apple users check to see what location information has been stored. The app is fascinating, but also pretty frightening as it demonstrates that anyone with access to your phone or to your back-up files will be able to see where you have been since you installed iOS 4 on your phone.
The Guardian cites Graham Cluley, a senior technology consultant at the security company Sophos as saying that “if the data isn’t required for anything, then it shouldn’t store the location. And it doesn’t need to keep an archive on your machine of where you’ve been.” But rather than ascribing it to any sort of malicious intent is sayd it’s likely a “cockup rather than a conspiracy.”
Conspiracy or not, it still doesn’t reflect well on Apple’s concern over its users’ privacy. We have reached out to Apple for comment on this file but we have not heard back at the time of publishing.
0 Responses
Stay in touch with the conversation, subscribe to the RSS feed for comments on this post.