Your iPhone 4 and iPad are tracking your every move.
iPhone and 3G-enabled iPad users beware: your device is tracking your every move, and keeps a record of where you are, all the time, in a file that it stores unencrypted on the device, and on your computer.
News of the secret file, stored as 'consolidated.db' on your iPhone 4, hit the blogosphere this week, although forensics experts have been discussing it for far longer. The phone gathers information on your whereabouts, storing latitude and longitude co-ordinates, linked to timestamps, along with cellphone tower IDs. The data points have been collected in this file since the launch of iOS version 4, which means that your phone could contain almost ten months of data on your movements. On average, it is collecting 100 points each day. On top of that, it is also collecting information on the WiFi networks that the phones connect to.
The data gets backed up to your computer when you synchronise it, and it also survives across multiple devices when you restore backups on new iPhones.
The researchers that discovered the data produced an application called iPhoneTracker, which reads the consolidated.db file and plots the information on a map. For many, it will be an interesting record of their own movements over the past few months.
The question is, is anyone else going to use that information? Researchers say that there is no evidence that the data is being sent out of the user's custody, back to some secretive, shady location somewhere. The data is most likely used for developers wanting to use the information for their own apps. However, there are two caveats here.
Firstly, the data is backed up, unencrypted, on your computer. If your machine is stolen, (as happened to me last December), or it gets hacked, then someone else will have access to that machine. Mobile telcos already store your cell ID data anyway, meaning that they can track you, but you'd need a court order to get at that information. You can see an example of the data that mobile telcos collect here. However, this file is out there in the clear.
Secondly, there are interesting reports of mysterious data uploads from iOS4 devices in the early hours of the morning. I'm not directly drawing a connection, but it does make me wonder. If anyone figures out a way to sniff what data iPhones seem to be routinely sending across 3G networks at 2am, it'd make interesting reading.
Whether or not the file reaches Apple or not, it is playing fast and loose with your location data, which while may not contain information that personally identifies you, is nevertheless stored on your phone, and your personal computer. Yet another reason, then, to treat Apple with suspicion. I use an iPhone 4. My next phone won't be an iPhone 5.
If you want to kill the file, you'll have to jailbreak your phone.
Danny Bradbury, MSN Tech & Gadgets