Apple iPhone Tracks Users’ Location in Hidden File

iPhone users’ movements are being tracked and stored without their knowledge in a hidden file by Apple’s iOS 4 operating system, two programmers revealed at the Where 2.0 conference.

Apple iPhones and 3G iPads are secretly recording and storing details of all their owners' movements, researchers claim. Photo: Adria Fontcuberta/Flickr

Apple’s iOS 4 operating system collects information about where iPhone and 3G iPads users travel, security experts Alasdair Allan and Pete Warden revealed at the Where 2.0 conference.

The continually-updated log is held on both the iPhone and the computer it connects to and contains a list of coordinates, and associated timestamps. The records go back to the release of the 4th iteration of the iOS operating system in June last year.

The data, consisting of latitude and longitude coordinates and corresponding timestamps, is stored unencrypted and, apparently, without conspicuous notification. Apple did not respond to a request to explain whether any of its user agreements cover this practice.

The true contents of the enigmatically-named file “consolidated.db” were discovered by two British software developers who were working on ways of visualising location data for websites.

“At first we weren’t sure how much data was there, but after we dug further and visualised the extracted data, it became clear that there was a scary amount of detail on our movements,” said Alisdair Allan and Pete Warden. Mr Warden previously worked for Apple in an unrelated area.

Apple’s reason for recording the data is unclear and its spokesmen did not return calls requesting comment. However, although the practice is not explicitly flagged-up, it appears to be covered in the company’s terms of use.

“We may collect information such as occupation, language, zip code, area code, unique device identifier, location, and the time zone where an Apple product is used so that we can better understand customer behaviour and improve our products, services, and advertising.”

Mobile network operators keep records of users’ movements based on which masts they are connected to, which police and intelligence agencies can access legally. The data stored by the iPhone could however be accessed by anyone with access to it or the computer it connects to, and is not protected by a password or encryption.

Mr Allan and Mr Warden have set up a website to publicise their findings and allow iPhone users to test whether their movements are being recorded. To further highlight the issue they have developed a simple application that plots the coordinates and timestamps on web-based mapping software.

“One guess might be that they have new features in mind that require a history of your location, but that’s pure speculation,” said the researchers, adding that the way the data is copied between the iPhone and computer indicated it was not gathered accidentally.

Other technology giants including Facebook and Google encourage users to hand over location data partly because it is potentially valuable to advertisers.

Apple’s actions may result in litigation because its data collection is similar in some respects to what Google was doing when it unwittingly allowed its Street View cars to collect information from open Wi-Fi networks without disclosure.

While Apple’s software is not collecting actual packet data traveling over Wi-Fi as Google did, it is recording the MAC addresses of Wi-Fi access points near the iPhone owner being tracked.

Dr Ian Brown, a senior research fellow at the Oxford Internet Institute, said: “I certainly think it’s something they should have brought much more to the attention of the user, and that it should only be switched on after an explicit user decision.”

Graham Cluley, senior technology consultant at security firm Sophos, said that it was unlikely Apple Inc. planned to use the information for commercial purposes.

“I think there are some legitimate privacy concerns and people will probably look for a way of obscuring that data,” he said. “But it is an object lesson about reading the terms and conditions.” [via The Telegraph (UK), BBC and Information Week]

Share this article

We welcome comments that advance the story directly or with relevant tangential information. We try to block comments that use offensive language, all capital letters or appear to be spam, and we review comments frequently to ensure they meet our standards. If you see a comment that you believe is irrelevant or inappropriate, you can flag it to our editors by using the report abuse links. Views expressed in the comments do not represent those of Coinspeaker Ltd.