The Apple iPhone and iPad with 3G connectivity constantly record and store location data to a file on the user’s device according to security researchers Pete Warden and Alasdair Allan. The two uncovered the existence of a “secret” file on iOS devices complete with legacy location data and will present their findings later today at Where 2.0 in San Francisco.
The file contains periodic records of latitude and longitude points, along with time references, on iOS 4.0 devices and above. Since the iOS 4 update was first released in June 2010, it’s possible that records may contain location data for up to one year.
The researchers stated in a blog post on O’Reilly Radar that iPhones are,
“regularly recording the position of your device into a hidden file. Ever since iOS 4 arrived, your device has been storing a long list of locations and time stamps.”
The “secret” file is then backed-up to users’ computers every time they synchronise their device with iTunes in an unencrypted and freely accessible form. Allan and Warden have also built a simple application, available on GitHub, that helps users visualise their own location data.
“What makes this issue worse is that the file is unencrypted and unprotected, and it’s on any machine you’ve synched with your iOS device. It can also be easily accessed on the device itself if it falls into the wrong hands. Anybody with access to this file knows where you’ve been over the last year, since iOS 4 was released.”
It’s not yet understood why Apple has started to collect this data, although it does appear intentional. The sensitive information is constantly backed-up and even follows users across Apple device migrations like hardware upgrades.
“We’re not sure why Apple is gathering this data, but it’s clearly intentional, as the database is being restored across backups, and even device migrations.”
The two researchers have approached Apple with their concerns but as of yet have received no official response. Further information concerning how the file was discovered and the data it contains is discussed by both Allan and Warden in the video below: