This is going to be a major PR nightmare for Apple. Security researchers Pete Warden and Alasdair Allan today announced that they have discovered that all iPhones and 3G-enabled iPads keep a log of your every move in an unencrypted file that is hidden inside the iOS filesystem. The files are backed up and restored every time you sync your phone with a desktop computer. According to the researchers, no other phone currently does this, and keeping this data on the phone has wide-reaching security and privacy implications. The researchers also believe that this is an intentional move on Apple’s part and not just the result of a temporary log file not being deleted properly.
If you have an iPhone and a Mac, you can download Pete Warden’s iPhoneTracker application to see what data your phone has gathered.
What’s the Problem?
There is something rather interesting about seeing this data, but it is also rather creepy at the same time. Currently, the mobile phone carriers do keep a log of your location data. This data, however, is kept (relatively) safe and it takes a court order to get it. The iPhone’s log, by contrast, is backed up on your computer, so whoever wants to know where you’ve been since you bought your iPhone 4 or iPad 3G can easily do so with Warden’s tool.
As the data is stored outside of Apple’s sandbox for regular applications that run on your iOS device, regular apps can’t access it, unless you have jailbroken your device.
It’s worth noting that none of your data is being transmitted to other devices or Apple’s servers.
How Good is the Data?
Looking at my own data, I noticed that Apple only seems to record your location when your cell phone connection is working. It did not record any data for trips through mountain passes without cell connections, for example. Sometimes the data is also a bit off, as it seems to be geared more towards the location of cell towers than data gathered from the phone’s built-in GPS.
On the device, the data is second-by-second. The iPhoneTracker tool deliberately obscures the exact location, too, and only shows it on a grid-like view. If you access the raw files, though, you will see the exact locations and time stamps. Given that the code for the iPhoneTracker tool is open source, though, it’s only a matter of time before somebody writes an application that gives you easy access to the more granular data.
In the video below, Warden and Allan discuss how they found this data: