iOS 4 devices quietly track, store users’ locations (updated)

iOS 4 devices quietly track, store users’ locations (updated) 1

A pair of programmers has discovered that iOS 4 devices are regularly recording their positions to hidden files, which reside on the devices and are transferred to any computer the devices are synced with during backup. Alasdair Allan and Pete Warden report for O’Reilly that while working on data visualization projects, they discovered a file “consolidated.db” that contains latitude-longitude coordinates along with a timestamp, and while the coordinates aren’t always accurate, they are rather detailed. According to the report, it appears that the location collection started with iOS 4, and thus the file could potentially contain tens of thousands of data points, or an entire year’s worth of movements. The pair note that the file is unencrypted and unprotected, and have contacted Apple’s Product Security team, but have yet to hear back.


As noted in our forums, Apple appears to have moved away from Skyhook and to an internal location database/detection service as of iOS 4. Given that users of Wi-Fi-only iPads and iPod touches have reported an ability to fairly accurately determine their location in situations that would prove challenging for an actual Skyhook-based system—such as in a moving car, with no Internet access available—it appears likely that iOS 4 devices are relying on this internal database to provide users with approximate location data even when no such data would normally be available. For those interested in seeing their own data, Allan and Warden have created a free Mac OS X application called iPhoneTracker that will automatically search the computer for any location files and display them on a timeline-enhanced map.

Update: The authors of the report have added a new section entitled “Who has access to this data?,” in which they state, “there’s no immediate harm that would seem to come from the availability of this data. Nor is there evidence to suggest this data is leaving your custody. But why this data is stored and how Apple intends to use it — or not — are important questions that need to be explored.”

Update 2: One week after the release of this report, Apple posted a Q&A on Location Data, explaining that while some iOS devices are in fact storing location information indefinitely, the data refers to locations of nearby cell towers rather than the particular GPS coordinates of the user, and is primarily being used for quickly providing mapping information. Our followup article explains how the company will change the collection of this data going forward.

  1. This looks really interesting, but how do you actually install/use the program? I’ve downloaded the .zip file and unzipped it, but none of the files within look like application files and the ‘readme’ file doesn’t seem to work either…

    Anyone managed to get it to work?

  2. dennis,
    The Find My iPhone feature of Mobile Me will do this if you enable it on your phone/iPad. This particular issue is that the phone saves your location on the phone itself and, as a result, on the backups of your phone data. To access the data that’s associated with a stolen phone, you would first have to recover the phone, or you would have to access the computer the thief was usuing to back up the phone (if they were backing it up). So it’s not very useful in tracking down a stolen phone, but it might let you know where a stolen phone had been once you’ve recovered it.

  3. I wonder if you can use this function, when ur iPad or iPhone get’s stolen. That would be a nice way to track your device down.

Leave a Reply

Your email address will not be published. Required fields are marked *