Security researchers raised eyebrows on Wednesday when they revealed that Apple’s iPhone and iPad with 3G support maintain detailed location logs that track user locations and that the data is stored on unencrypted their computer. The discovery of the not-so-hidden files has led to privacy concerns, although it doesn’t appear that Apple is collecting the location tracking data.
The location data file is stored on the user’s iPhone or 3G iPad as well as in the backup files that iTunes generates when a user syncs their device with their computer, according to Pete Warden and Alasdair Allan, the researchers that discovered the potential privacy issue. By default, the information is stored unencrypted, which means anyone with access to the user’s computer has the potential to see detailed information about where the iPhone has been, including latitude, longitude and time stamps.
Based on their research, Mr. Warden and Mr. Allan don’t think Apple is collecting any of the tracking data. Instead, it simply sits in unused files on user’s computers and iPhones.
The iPhone is logging detailed tracking data
It appears Apple began storing location data around the time iOS 4 was released. In The Mac Observer’s tests, we found that the oldest location data recorded was from June 16, 2010, which also happens to be the same day iTunes 9.2 was released. iOS 4 rolled out a few days later on June 21. It also appears that the location tracking file appears only for GSM-based iPhones, which means Verizon iPhone users aren’t impacted by this — at least for now.
To help illustrate how much information Apple is logging, the researchers cobbled together an application that access the tracking file and plots the data on a map. They intentionally reduced the accuracy of the plotted information to help limit potential abuse.
“Apple has made it possible for almost anybody — a jealous spouse, a private detective – with access to your phone or computer to get detailed information about where you’ve been,” Mr. Warden said.
Apple isn’t saying why it is logging such highly detailed location data, or why the information is available in an easily accessible file. While it’s easy to jump to conspiracy theories, it’s more likely the company plans on using the information at some point for social networking services or targeted marketing.
“[Apple] have new features in mind that require a history of your location, but that’s pure speculation,” Mr. Warden said. “The fact that it’s transferred across devices when you restore or migrate is evidence the data-gathering isn’t accidental.”
iPhone owners can add a little more protection for their privacy by encrypting the backup files that are stored on their Mac so a password is required to access the content. Here’s how:
- Launch iTunes and connect your iPhone to your computer.
- Select your iPhone in the Library list in iTunes, then choose the
- Scroll to the bottom of the window and check
Encrypt iPhone backup.
- Enter a password when prompted.
The data on your iPhone is stored in an unencrypted format unless you use a passcode lock. The passcode feature on the iPhone, iPod touch and iPad can be enabled by tapping
Settings > General > Passcode Lock. If a simple four-digit security code doesn’t offer enough protection, users can enable iOS’s more secure passcode feature, too.
While logging mobile phone location data isn’t something new, Apple’s decision to store that information in an unencrypted file without user’s knowledge falls outside of common industry practices. To obtain that data for other phones, authorities or private investigators would need to gain a court order that compels the service provider to had over the files.
Apple hasn’t commented on its location tracking practices.
[Thanks to the Guardian for the heads up.]