16 Comments

Summary:

Developers Alasdair Allan and Pete Warden recently discovered that your iPhone or 3G-capable iPad has been regularly recording your device’s location since the introduction of iOS 4. All of the data regarding your device’s whereabouts during the past year is easily accessible using a simple app.

iphone-location-map

At the Where 2.0 location services conference Wednesday, Alasdair Allan and Pete Warden will be announcing the discovery that your iPhone or 3G-capable iPad has been regularly recording your device’s location since the introduction of iOS 4. The iOS devices store a list of the device’s location and time stamps for when the location information was gathered, and does it all using a file that can be easily read by just about anyone.

The file that does the tracking is called “consolidated.db,” which contains latitude and longitude coordinates attached to a timestamp. It’s not clear exactly what triggers your device to record a location, since the recording appears to vary considerably in terms of frequency. Allan and Warden suspect that the logging may be triggered by travelling between cell towers, which aid in location determination, or by activity on the phone, like using apps. It isn’t clear why Apple began storing this info in iOS 4, but Allan and Warden are convinced the effort is intentional.

Back in March, a German politician working with German newspaper Die Zeit sued Deutsche Telekom to get access to his own location data from his mobile phone, and put together a visualization of where he’d been for six months. Carriers do have this data, but it requires a court order to get it from them. Using the iOS 4 location tracking file (which is stored on any computer where you’ve synced your device) and a free, open source application developed by Allan and Warden, anyone can now do the same in about two minutes with virtually no technical expertise.

Allen and Warden warn that the info can be easily accessed on the device itself, in addition being in backups on computers you’ve synced with. Users who want to protect themselves can encrypt their backups through iTunes, but that doesn’t stop information on the device itself from being accessible. We’ve reached out to Apple about the issue and will let you know if they provide any additional info about how to ensure your data remains private.

As you can tell from the screenshot of my location data included in this article, I’m not particularly concerned about this data being out there, but I tend to lean towards the open and trusting end of the scale when it comes to information sharing. Then again, that probably makes me a prime candidate for things like Please Rob Me, and many others will likely not be so comfortable knowing their iPhone or iPad has a relatively accurate record of their whereabouts over the past year or so. Is this disturbing to you, or just a neat visualization trick you can show your friends?

  1. Absolutely disturbing. This could also explain why iPod Touch users got a free upgrade to iOS4.

    Share
  2. Hey, but this is fairly old news. And one thing you “forgot” to mention is, what the folks who discovered this clearly point out: “There’s no evidence that it’s being transmitted beyond your device and any machines you sync it with.” You might want to add this pretty important detail to your post.

    Share
    1. I don’t suggest that it is being transmitted anywhere in the article, but that is good to note. Thanks for the comment.

      Share
    2. Are you referring to this Ralf? — Apple addressed the location db issue way back in July 2010 – See Section II, Part C of the PDF – http://1.usa.gov/dSbExs

      Share
  3. It doesn’t bother me. But, like you, I don’t have any secrets to hide. I can see it being a problem (maybe in a good way!) for someone cheating on their spouse, or buying drugs on the street or something. It could be a major problem for someone who has legitimate secrets related to where and when they go places, such as secret service agents or people who are being stalked.

    Share
  4. No mention of turning off Location Services on the phone?

    Share
  5. Isn’t iOS 4 when the Find My iPhone/iPad feature was added? Coincidence?

    Share
    1. Find my iPhone was added since 3.0 but only for MobileMe members and was made free of charge since 4.2.1 but only for 2010 devices and up.

      Share
    2. No. iOS4 was when it became free I think. Fine my iPhone was there for Mobile Me users well before iOS4.

      Share
  6. Isn’t this a blatant violation of European privacy laws? Oh, wait, laws don’t apply to Apple because they’re magical. And unicorns fly out of Steve Jobs’ butt.

    This is a huge problem for business travelers, who would probably not want their competition to know that they’ve just visited Customer A, Customer B, and Customer X, for example.

    And anyone who thinks he has nothing to hide must be blissfully unaware of the penchant governments have for finding scapegoats, for the sake of reassuring the public, when actual criminals can’t be located and captured. All you need to do is be close by when a terrorist attack goes down (or a bank robbery, or a jewelry store holdup, etc.) and you’e a prime candidate to be hauled in for question as one of the “usual suspects.”

    Share
  7. Oh, and just one more thing: The cops are *already* using this information to see if they can stick more charges to you during routine traffic stops: http://www.thenewspaper.com/news/34/3458.asp

    Share
  8. Sneaky Steve

    Share
  9. I don’t mind as long as it stays on my devices. I imagine this might be of some use in a future version of iOS (like when iGroups – or whatever are they going to call it – is introduced, for example). Or for some new developer API for iOS 5? Anyway, if it is for some future features, I am sure apps won’t be able to access it without asking. Apple should ensure the information is stored safer, though.

    Share
  10. Another analysis/view… http://t.co/OMxlcDB
    Apple isn’t collecting data | This is nothing new | It’s been there since before iOS4

    Share

Comments have been disabled for this post