Apple tracking location of iOS4 device users, researchers say
A team of researchers have discovered that iOS4 is secretly obtaining your location and recording it to a hidden file, raising obvious privacy concerns and questions as to why Apple would be storing such information. The researchers believe it is intentional, as the file is restored after backups and even when the user switches to a new device.
Alasdair Allan and Pete Warden of O'Reilly are presenting their findings at the Where 2.0 conference on Wednesday. They say the functionality appears new to iOS4, and they have attempted to contact Apple's security team on the issue but have not heard anything back.
Allan says that the existence of the file on your computer is a security risk, as it is both unprotected and unencrypted. "It can also be easily accessed on the device itself if it falls into the wrong hands," he wrote in a blog post. "Anybody with access to this file knows where you've been over the last year, since iOS 4 was released."
The file name where the information is stored is 'consolidated.db,' and each entry contains latitude and longitude coordinates along with a timestamp. There does not appear to be any regular interval as to when the phone is collecting and storing this data, thus it may be triggered by events such as phone calls or events on the phone.
The two researchers have created an application to view the database file on a users home computer. They did say there currently appears to be no exploits taking advantage of this file, however now that its existence is public, it may only be a matter of time.
One possible method to prevent any data loss would be to check the option for "Encrypt iPhone Backup" within iTunes, Allan wrote.