Turns out that since June 2010 all iPhones and iPads (and any computers they synchronized to) have been secretly keeping timestamped records of everywhere their users have been. Without their knowledge, permission, or possibility to opt-out.
All iPhones appear to log your location to a file called “consolidated.db.” This contains latitude-longitude coordinates along with a timestamp. The coordinates aren’t always exact, but they are pretty detailed. There can be tens of thousands of data points in this file, and it appears the collection started with iOS 4, so there’s typically around a year’s worth of information at this point. Our best guess is that the location is determined by cell-tower triangulation, and the timing of the recording is erratic, with a widely varying frequency of updates that may be triggered by traveling between cells or activity on the phone itself.
The tracker was discovered by security researchers Alasdair Allan and Pete Warden and they’ve already created an open-source app you can use to see what your iPhone tracked. Here’s a video of them discussing how they discovered its existence and what it might mean.
Is Apple storing this information elsewhere?
There’s no evidence that it’s being transmitted beyond your device and any machines you sync it with.What’s so bad about this?
The most immediate problem is that this data is stored in an easily-readable form on your machine. Any other program you run or user with access to your machine can look through it.The more fundamental problem is that Apple are collecting this information at all. Cell-phone providers collect similar data almost inevitably as part of their operations, but it’s kept behind their firewall. It normally requires a court order to gain access to it, whereas this is available to anyone who can get their hands on your phone or computer.
By passively logging your location without your permission, Apple have made it possible for anyone from a jealous spouse to a private investigator to get a detailed picture of your movements.
I, for one, am glad not to own an iPhone. But if I did own one, this would be the point where I destroyed it. Not because I’ve been traveling to secret places, but because tracking where I’m going without my knowledge or consent is way too creepy. I mean, I value my privacy more than I value a gadget.
Update/
The consolidated.db file also stores the MAC address and lat/lon of every wifi device that your phone has ever detected. Not just routers – anything it has ever detected. Google got into a huge mess for doing that not too long ago.
