Yesterday, researchers revealed the tracking and storage of users’ location data on Apple iPhones and 3G-enabled iPad tablets. Now, Ars Technica takes a closer look explaining, “How Apple tracks your location without consent, and why it matters.”
If you haven’t yet enabled encrypted backups for your iPhone or iPad, now’s definitely the time to start. Two security researchers have discovered a simple way to map out where you’ve been almost anywhere in the world—without any hacking involved. The information comes from a location cache file found within your iPhone’s backups on your Mac or PC, bringing out serious privacy concerns and opening the door for a jealous spouse, thief, or even a crafty trojan to take a detailed look at your whereabouts. And it’s information that no one should have access to—not even law enforcement, barring a court order.
Researchers Alasdair Allan and Pete Warden revealed their findings on Wednesday ahead of their presentation at the Where 2.0 conference taking place in San Francisco. The two discovered that the iPhone or 3G iPad—anything with 3G data access, so no iPod touch—are logging location data to a file called consolidated.db with latitude and longitude coodinates and a timestamp. The data collection appears to be associated with the launch of iOS 4 last June, meaning that many users (us at Ars included) have nearly a year’s worth of stalking data collected.
In order to drive the point home, the two developed an open source application called iPhone Tracker that lets anyone with access to your computer see where you’ve been. […]
Of course, the fact that this data exists somewhere is nothing new. Cell companies have been tracking this triangulation information for their own purposes for years. In the US, however, regular people cannot access that data—law enforcement must obtain a court order before they can get it for an investigation, and your jealous spouse can’t get it from the wireless company at all.
What the cellco has on you is now basically being mirrored in a file on your iPhone or iPad without any kind of encryption, and is also being copied to your computer. (Allan and Warden say that, according to their research, no other phones log triangulated cell locations in this way, including Android phones.) And, if you leave iTunes on the default syncing settings, your iPhone backups aren’t being encrypted on the computer either, making tools like iPhone Tracker possible. […]
[iPhone hacker and forensics expert Jonathan Zdziarski] says the iPhone has actually been logging this location data for longer than a year, but it wasn’t so easily accessible before the launch of iOS 4 in mid-2010. […]
Apple did not respond to our questions about how long it has been logging the location data, but it’s clear that the reason the issue is coming to light now is because of this easy access. Zdziarski added that the iPhone in general “leaks like a sieve,” and warned that consumers should consider the possible implications to their personal privacy with today’s discovery.
Privacy advocates are taking things a step further by calling out Apple for abusing user trust. “Apple has some explaining to do. iPhone owners place a great deal of trust in Apple, and Apple has a responsibility not to abuse that trust,” Princeton University Center for Information Technology Policy researcher and regular Ars contributor Timothy B. Lee said.