A pair of programmers has discovered that iOS 4 devices are regularly recording their positions to hidden files, which reside on the devices and are transferred to any computer the devices are synced with during backup. Alasdair Allan and Pete Warden report for O’Reilly that while working on data visualization projects, they discovered a file “consolidated.db” that contains latitude-longitude coordinates along with a timestamp, and while the coordinates aren’t always accurate, they are rather detailed. According to the report, it appears that the location collection started with iOS 4, and thus the file could potentially contain tens of thousands of data points, or an entire year’s worth of movements. The pair note that the file is unencrypted and unprotected, and have contacted Apple’s Product Security team, but have yet to hear back.
As noted in our forums, Apple appears to have moved away from Skyhook and to an internal location database/detection service as of iOS 4. Given that users of Wi-Fi-only iPads and iPod touches have reported an ability to fairly accurately determine their location in situations that would prove challenging for an actual Skyhook-based system—such as in a moving car, with no Internet access available—it appears likely that iOS 4 devices are relying on this internal database to provide users with approximate location data even when no such data would normally be available. For those interested in seeing their own data, Allan and Warden have created a free Mac OS X application called iPhoneTracker that will automatically search the computer for any location files and display them on a timeline-enhanced map.
Update: The authors of the report have added a new section entitled “Who has access to this data?,” in which they state, “there’s no immediate harm that would seem to come from the availability of this data. Nor is there evidence to suggest this data is leaving your custody. But why this data is stored and how Apple intends to use it — or not — are important questions that need to be explored.”
Update 2: One week after the release of this report, Apple posted a Q&A on Location Data, explaining that while some iOS devices are in fact storing location information indefinitely, the data refers to locations of nearby cell towers rather than the particular GPS coordinates of the user, and is primarily being used for quickly providing mapping information. Our followup article explains how the company will change the collection of this data going forward.
