PALO ALTO, CA – It was revealed today that iPhones keep track of everywhere a user goes… and saves the information in a database!
Privacy fears raised as researchers reveal file on iPhone that stores location coordinates and timestamps of owner’s movements
Security researchers have discovered that Apple’s iPhone keeps track of where you go – and saves every detail of it to a secret file on the device which is then copied to the owner’s computer when the two are synchronized.
The file contains the latitude and longitude of the phone’s recorded coordinates along with a time stamp, meaning that anyone who stole the phone or the computer could discover details about the owner’s movements using a simple program.
For some phones, there could be almost a year’s worth of data stored, as the recording of data seems to have started with Apple’s iOS 4 update to the phone’s operating system, released in June 2010.
“Apple has made it possible for almost anybody – a jealous spouse, a private detective – with access to your phone or computer to get detailed information about where you’ve been,” said Pete Warden, one of the researchers.
Only the iPhone records the user’s location in this way, say Warden and Alasdair Allan, the data scientists who discovered the file and are presenting their findings at the Where 2.0 conference in San Francisco on Wednesday. “Alasdair has looked for similar tracking code in [Google's] Android phones and couldn’t find any,” said Warden. “We haven’t come across any instances of other phone manufacturers doing this.”
Simon Davies, director of the pressure group Privacy International, said: “This is a worrying discovery. Location is one of the most sensitive elements in anyone’s life – just think where people go in the evening. The existence of that data creates a real threat to privacy. The absence of notice to users or any control option can only stem from an ignorance about privacy at the design stage.”
Warden and Allan point out that the file is moved onto new devices when an old one is replaced: “Apple might have new features in mind that require a history of your location, but that’s our speculation. The fact that [the file] is transferred across [to a new iPhone or iPad] when you migrate is evidence that the data-gathering isn’t accidental.” But they said it does not seem to be transmitted to Apple itself.
Although mobile networks already record phones’ locations, it is only available to the police and other recognized organizsations following a court order under the Regulation of Investigatory Power Act. Standard phones do not record location data.
The iPhone system, by contrast, appears to record the data whether or not the user agrees. Apple declined to comment on why the file is created or whether it can be disabled.
Warden and Allan have set up a web page which answers questions about the file, and created a simple downloadable application to let Apple users check for themselves what location data the phone is retaining. The Guardian has confirmed that 3G-enabled devices including the iPad also retain the data and copy it to the owner’s computer.
If someone were to steal an iPhone and “jailbreak” it, giving them direct access to the files it contains, they could extract the location database directly. Alternatively, anyone with direct access to a user’s computer could run the application and see a visualization of their movements. Encrypting data on the computer is one way to protect against it, though that still leaves the file on the phone.
Apple can legitimately claim that it has permission to collect the data: near the end of the 15,200-word terms and conditions for its iTunes program, used to synchronise with iPhones, iPods and iPads, is an 86-word paragraph about “location-based services”.
It says that “Apple and our partners and licensees may collect, use, and share precise location data, including the real-time geographic location of your Apple computer or device. This location data is collected anonymously in a form that does not personally identify you and is used by Apple and our partners and licensees to provide and improve location-based products and services. For example, we may share geographic location with application providers when you opt in to their location services.”