Starting With iOS 4, Your iPhone Has Been Secretly Tracking You

John Brownlee (8:31 am PDT, Apr 20 2011)

If you travel around with an iPhone in your pocket or an iPad 3G in your bag, Apple knows everywhere you’ve ever been since the moment you started using your device. Even worse, it stores that information in a non-encrypted file structure that is synced with your computer every time you plug your device into iTunes.

The iOS privacy revelation was discovered by security researchers Alasdair Allan and Pete Warren, who have released a piece of software called iPhoneTracker to display where your iDevice has been just by examining the files on your machine stored in the “consolidated.db” file.

The good news here is that the information being stored isn’t being sent to Apple, or any other third-parties. It just sits on your computer. The bad news is that, starting with iOS 4, Apple started for whatever reason recording the date, time, latitude and longitude of every place your iPhone has ever been… and have stored it on users’ machines so insecurely that it can easily be accessed by malware.

Why has Apple started storing these details starting with iOS 4? It’s unknown, although Allan and Warren speculate it might be to support an upcoming feature in MobileMe or iOS 5. For more information, see this post over at O’Reilly Radar

Apple has not commented on the security issue. What do you think? A non-issue, or insidious? Let us know in the comments.

DON'T MISS
Citi Mobile iPhone App Security Flaw Means Customers Should Update Now

Apps you might like

27 comments »

Barelyabsolut
This is pretty scaring.
Anonymous
Why it isn’t encrypted I don’t know, but otherwise this is basically a non-issue. How else would a location enabled mobile work if it didn’t find your location and store a record of it on the device? It’s only a problem if it’s sending the info to third parties.
Anonymous
Why it isn’t encrypted I don’t know, but otherwise this is basically a non-issue. How else would a location enabled mobile work if it didn’t find your location and store a record of it on the device? It’s only a problem if it’s sending the info to third parties.
JayeDee369
It’s a non-issue, just ask all the people that had their iPhones stolen and retrieved how they feel about that? This system isn’t perfect and quite honestly, if my phone or pad ever got stolen, and I couldn’t locate it, I’d be pissed. You want security, privacy and all that other crap go live in a cave sheeesh!!!
http://twitter.com/markbyrn markbyrn
More cut and paste ‘journalism’ from Cult of Mac – what a surprise. These ‘researchers’ didn’t discover anything – here’s an article from Sep 2010 and forensics types use it. See
http://blog.csvance.com/?p=39
christoph
the information isn’t really accurate, or at least that program you linked doesn’t display them accurately… I couldn’t see the streets that I travel often, there are just dots all over the area that I’m living in
Zachary Kline
Yes, the fact that he information is not encrypted is a minor cause for concern. Is this a malicious plot on Apple’s part to sell our locations to ad providers or someone worse? Possibly, but I think not. My gut instinct says there’s nothing to really worry about here, though someone will almost certainly try to make the case that there is. Call me naive or trusting, but I refuse to get into a panic about something like this.
Walker
Anytime a company uses personal information like for instance a history of our whereabouts and doesn’t tell us about it IT’S INSIDIOUS. Yes, of course, it’s insidious. And it’s arrogant on their part. And it’s worrisome. These guys, Jobs included, must think of themselves as Gods.

Conchuir
They don’t actually use the data! It isn’t sent to them, please, read the post before commenting.

Johann Snyman
Non issue. Folks are too uptight. Why should I care if somebody knows where I am, or where I’ve been?
BMWTwisty
So, uhhh, if you’re that paranoid, would turning off “Find My iPhone” eliminate the problem? It might.
paul
Like this feature :) Great app!!
http://twitter.com/poppa1138 Jon
I thought all mobile networks did this, who cares…
Bob
This statement:
“Apple knows everywhere you’ve ever been since the moment you started using your device.”
is completely inconsistent with this statement:
“The good news here is that the information being stored isn’t being sent to Apple, or any other third-parties.”
This is, on the other hand, completely consistent with my impression that you are one of the worst writers/bloggers that I have encountered.
You should retract this post.
Bob
This statement:
“Apple knows everywhere you’ve ever been since the moment you started using your device.”
is completely inconsistent with this statement:
“The good news here is that the information being stored isn’t being sent to Apple, or any other third-parties.”
This is, on the other hand, completely consistent with my impression that you are one of the worst writers/bloggers that I have encountered.
You should retract this post.
Lianna
The guy’s surname is WarDen, not WarRen.
Me
I know i nice song, it’s called paranoid! :-) who cares!

Anonymous
This is exactly how Apple (and other controlling entities) want you to behave. Information is power. They can use this information for valuable analytics… and likely will. And if it is compromised and made public, every potential mate and employer will know you spend too much time at that naughty place.

B1937
They didn’t inform me, thats BAD. It is not secure, that is very BAD. I have no idea why this bothers me so. But it does. I guess I do not have anything to hide, now. But I may find that I will some day, eh? Sorry Apple, this is Your BAD. Fix it!
Waxwing1
How does Apple know(s) everywhere I’ve been if the information hasn’t been sent to Apple?
http://twitter.com/Tomas_ScionLife Tom Losh
My personal opinion is that ANY tracking should require the *informed consent* of the user, and should be something that *by default* is turned off.
Again, personally, I don’t mind all that much so long as it is under my control and readily accessible to me, but *I* need to know such things are happening, and *I* need to be able to make those decisions.
This is *not* something that I am willing to cede to *any* random party – I should be informed before it is done and I should have the ability to block it at will.
Tomas
47.2030, -122.5357

Joseph
But you understand that if you’re using a mobile phone, the phone and the network have to know where you are. Arguably it doesn’t need to be stored on your phone but the network will 100% keep the information (i.e. they will “track” you and keep a history of it) because the information is critical to their business. If you don’t want to be “tracked”, you shouldn’t carry a mobile phone.

Anonymous
They can do this but they can’t get a phone call to last more than 5 minutes without dropping? Priorities Apple… priorities.
Anonymous
I’m staying with my old Nok, it chunks battery but its GPS works smooth in Europe.
http://profiles.google.com/simeonlatham Simeon Latham
is it OSX only?
Anonymous
i use Mobile Spy http://www.mobile-spy.com/iphone totrack all types of information of my iPhone. this is good stuff
http://www.facebook.com/omegaspy River Ho
I’m not good money for this, because http://omegaspy.com allows I use gps for free

About the author

John Brownlee is news editor here at Cult of Mac, and has also written about a lot of things for a lot of different places, including Wired, Playboy, Boing Boing, Popular Mechanics, Gizmodo, Kotaku, Lifehacker, AMC, Geek and the Consumerist. He lives in Cambridge with his charming inamorata and a tiny budgerigar punningly christened after Nabokov's most famous pervert. You can follow him here on Twitter.

(sorry, you need Javascript to see this e-mail address)| Read more posts by John Brownlee.

Posted in News, Top stories |