Most iPhone users wouldn't know it, but their handsets have been collecting a highly detailed history of their movements via cellphone triangulation. The data is then stored, usually in the clear, on their Mac computer whenever the two devices synchronize.
Apple does not appear to be using this data, either on the phone itself or by uploading it to an Apple server. But it remains in place on both the iPhone (or iPad, or any device running iOS 4) and a user's companion Mac, according to two programmers who discovered the iPhone data location file.
Programmers Alasdair Allan and Pete Warden created and published an open source application, called iPhone Tracker, which can take the saved location data and plot it on a map. This lets you see the highly detailed path your iPhone has traced.
"By passively logging your location without your permission, Apple has made it possible for anyone from a jealous spouse to a private investigator to get a detailed picture of your movements," Warden writes in the app's accompanying FAQ.
The two coders formally unveiled their findings at this week's O'Reilly Where 2.0 conference. In his own blog post, Allan writes, "Ever since iOS 4 arrived, your device has been storing a long list of locations and time stamps. We're not sure why Apple is gathering this data, but it's clearly intentional, as the database is being restored across backups, and even device migrations."
Allan stumbled across the data file while the pair was working on a mobile data visualization project. "At first we weren't sure how much data was there, but after we dug further and visualized the extracted data, it became clear that there was a scary amount of detail on our movements," Warden writes. "It also became obvious that at least some other people knew about it, but it wasn't being publicized."
They are not the first to have noticed the file, as their FAQ notes. Ryan Neal, a computer forensics student, has begun researching this file, with which, he says, "Individuals familiar with iPhone forensic analysis will be quite familiar." And seven months ago, Paul Courbis, a Frenchman, published (in French) what may be the first public look at the "consolidated.db" file.
Finding the consolidated.db file is something of a chore, which Warden describes in detail in his FAQ. Once this SQLite file is found, it can be opened with any SQLite browser. "Open up the file, choose the 'CellLocation' table, and you can browse the tens of thousands of points that it has collected," Warden writes. "The most interesting data is the latitude, longitude location and the timestamp. The timestamp shows the time in seconds since January 1st 2001."
The data collection apparently can't be blocked, and the database itself apparently cannot be removed, though it can be encrypted via the iPhone backup process. "This database of your locations is stored on your iPhone as well as in any of the automatic backups that are made when you sync it with iTunes," Warden writes. "One thing that will help is choosing encrypted backups, since that will prevent other users or programs on your machine from viewing the data, but there will still be a copy on your device."
"There's no evidence that [the data is] being transmitted beyond your device and any machines you sync it with," he says. But it's not clear why the data is being collected in the first place, he notes; and unless encrypted, it's available to anyone who can access your iPhone or Mac.
John Cox covers wireless networking and mobile computing for Network World.