If you travel around with an iPhone in your pocket or an iPad 3G in your bag, Apple knows everywhere you’ve ever been since the moment you started using your device. Even worse, it stores that information in a non-encrypted file structure that is synced with your computer every time you plug your device into iTunes.
The iOS privacy revelation was discovered by security researchers Alasdair Allan and Pete Warren, who have released a piece of software called iPhoneTracker to display where your iDevice has been just by examining the files on your machine stored in the “consolidated.db” file.
The good news here is that the information being stored isn’t being sent to Apple, or any other third-parties. It just sits on your computer. The bad news is that, starting with iOS 4, Apple started for whatever reason recording the date, time, latitude and longitude of every place your iPhone has ever been… and have stored it on users’ machines so insecurely that it can easily be accessed by malware.
Why has Apple started storing these details starting with iOS 4? It’s unknown, although Allan and Warren speculate it might be to support an upcoming feature in MobileMe or iOS 5. For more information, see this post over at O’Reilly Radar
Apple has not commented on the security issue. What do you think? A non-issue, or insidious? Let us know in the comments.