Two security researchers have discovered that Apple’s iPhone keeps track of a user’s location and saves that information to a file that is stored both on the device and on a user’s computer when they sync or back it up in iTunes.
The researchers, Pete Warden and Alasdair Allan, discovered the hidden file while collaborating on a potential data visualization project. “At first we weren’t sure how much data was there, but after we dug further and visualised the extracted data, it became clear that there was a scary amount of detail on our movements,” Warden told The Guardian.
What Does the Data Say
The data, which is stored as a log in a file called “consolidation.db,” contains longitude and latitude coordinates along with a timestamp. Right now, it appears that Apple has been recording this information since iOS 4.0 was released last June. Allan and Warden think that this information is determined by cell-tower triangulation. Although it isn’t always exact, it can give a very detailed overview of where an individual (or their phone) has traveled over a period of time.
Visualizing the Data
Beyond simply revealing that this data is available and, with a little work, accessible, Warden and Allan built a web app that can create a visualization of a user’s location information from an iPhone or 3G iPad.
Warden and Allan are not the first data scientists to uncover this data store. However, they have created the most layperson-accessible proof of concept showing how this data could potentially be used.
What Does this Mean
As Warden and Allan make clear, right now, there is no evidence that the data ever leaves the user’s custody or that it is transmitted to anyone else. In other words, for someone to access this information, they need physical access to your phone or your computer with data backups, along with the wherewithal to actually use it.
The bigger question is: why does this data exist in the first place? Moreover, why is this data not encrypted within a backup? Sure, users can choose to encrypt their iPhone backups, but this is the type of file that strikes us as being encryption-worthy from the start.
Realistically speaking, the likelihood that this data could be used for evil is minuscule. We would be far more troubled if this information were accessible to other apps or sent to Apple. Having said that, its very existence raises questions that Apple should be forced to address.
by Christina Warren