Where 2.0 conference: iOS4 Secretly Storing Your Location Data, Say Researchers

At Where 2.0 conference, Researchers Alasdair Allan and Pete Warden of O'Reilly have disclosed that iOS4 is secretly obtaining your location and recording it to a hidden file, raising obvious privacy concerns and questions as to why Apple would be storing such information. The researchers believe it's intentional, as the file is restored after backups […]

At Where 2.0 conference, Researchers Alasdair Allan and Pete Warden of O'Reilly have disclosed that iOS4 is secretly obtaining your location and recording it to a hidden file, raising obvious privacy concerns and questions as to why Apple would be storing such information. The researchers believe it's intentional, as the file is restored after backups and even when the user switches to a new device.


A location map from an iPhone that had been used in the southwest of England

The file name where the information is stored is 'consolidated.db,' and each entry contains latitude and longitude coordinates along with a timestamp. There doesn't appear to be any regular interval as to when the phone is collecting and storing this data, thus it may be triggered by events such as phone calls or events on the phone.

Allan says that the existence of the file on your computer is a security risk, as it's both unprotected and unencrypted. "It can also be easily accessed on the device itself if it falls into the wrong hands," he wrote in a blog post. "Anybody with access to this file knows where you've been over the last year, since iOS 4 was released."

That location data that is stored both on your iPhone and backed up to your computer through iTunes is available for your perusal using a small application that the two researchers have created to view the database file on a users home computer. They did say there currently appears to be no exploits taking advantage of this file, however now that its existence is public, it may only be a matter of time.

One possible method to prevent any data loss would be to check the option for "Encrypt iPhone Backup" within iTunes, Allan wrote.

In addition to recording the wireless access points it also records cell towers and GPS. Since this affects all iOS 4 users it essentially means all of Apple's own employees have been recorded -- was it ever in their company contract that Apple had right to record where they go?

Apple was not responding to requests for comment, however its terms of use does allow for such activities, saying "we may collect information such as occupation, language, zip code, area code, unique device identifier, location, and the time zone where an Apple product is used so that we can better understand customer behavior and improve our products, services, and advertising."

[Source: o'Reilly]