GROW YOUR TECH STARTUP

Apple continuously tracking and storing iPhone location data

April 20, 2011

SHARE

facebook icon facebook icon

The Apple iPhone and iPad with 3G connectivity constantly record and store location data to a file on the user’s device according to security researchers Pete Warden and Alasdair Allan. The two uncovered the existence of a “secret” file on iOS devices complete with legacy location data and will present their findings later today at Where 2.0 in San Francisco.

Visualisation one one user's vulnerable location data recorded by an iPhone

Visualisation of one user's vulnerable location data recorded by an iPhone

The file contains periodic records of latitude and longitude points, along with time references, on iOS 4.0 devices and above. Since the iOS 4 update was first released in June 2010, it’s possible that records may contain location data for up to one year.

The researchers stated in a blog post on O’Reilly Radar that iPhones are,

“regularly recording the position of your device into a hidden file. Ever since iOS 4 arrived, your device has been storing a long list of locations and time stamps.”

The “secret” file is then backed-up to users’ computers every time they synchronise their device with iTunes in an unencrypted and freely accessible form. Allan and Warden have also built a simple application, available on GitHub, that helps users visualise their own location data.

“What makes this issue worse is that the file is unencrypted and unprotected, and it’s on any machine you’ve synched with your iOS device. It can also be easily accessed on the device itself if it falls into the wrong hands. Anybody with access to this file knows where you’ve been over the last year, since iOS 4 was released.”

It’s not yet understood why Apple has started to collect this data, although it does appear intentional. The sensitive information is constantly backed-up and even follows users across Apple device migrations like hardware upgrades.

“We’re not sure why Apple is gathering this data, but it’s clearly intentional, as the database is being restored across backups, and even device migrations.”

The two researchers have approached Apple with their concerns but as of yet have received no official response. Further information concerning how the file was discovered and the data it contains is discussed by both Allan and Warden in the video below:

SHARE

facebook icon facebook icon

Albizu Garcia

Albizu Garcia is the Co-Founder and CEO of Gain -- a marketing technology company that automates the social media and content publishing workflow for agencies and social media managers, their clients and anyone working in teams.

VIEW ALL POSTS

Sociable's Podcast

Trending