Starting With iOS 4, Your iPhone Has Been Secretly Tracking You

Starting With iOS 4, Your iPhone Has Been Secretly Tracking You

If you travel around with an iPhone in your pocket or an iPad 3G in your bag, Apple knows everywhere you’ve ever been since the moment you started using your device. Even worse, it stores that information in a non-encrypted file structure that is synced with your computer every time you plug your device into iTunes.

The iOS privacy revelation was discovered by security researchers Alasdair Allan and Pete Warren, who have released a piece of software called iPhoneTracker to display where your iDevice has been just by examining the files on your machine stored in the “consolidated.db” file.

The good news here is that the information being stored isn’t being sent to Apple, or any other third-parties. It just sits on your computer. The bad news is that, starting with iOS 4, Apple started for whatever reason recording the date, time, latitude and longitude of every place your iPhone has ever been… and have stored it on users’ machines so insecurely that it can easily be accessed by malware.

Why has Apple started storing these details starting with iOS 4? It’s unknown, although Allan and Warren speculate it might be to support an upcoming feature in MobileMe or iOS 5. For more information, see this post over at O’Reilly Radar

Apple has not commented on the security issue. What do you think? A non-issue, or insidious? Let us know in the comments.

Related
  • Barelyabsolut

    This is pretty scaring.

  • prof_peabody

    Why it isn’t encrypted I don’t know, but otherwise this is basically a non-issue. How else would a location enabled mobile work if it didn’t find your location and store a record of it on the device? It’s only a problem if it’s sending the info to third parties.

  • JayeDee369

    It’s a non-issue, just ask all the people that had their iPhones stolen and retrieved how they feel about that? This system isn’t perfect and quite honestly, if my phone or pad ever got stolen, and I couldn’t locate it, I’d be pissed. You want security, privacy and all that other crap go live in a cave sheeesh!!!

  • markbyrn

    More cut and paste ‘journalism’ from Cult of Mac – what a surprise. These ‘researchers’ didn’t discover anything – here’s an article from Sep 2010 and forensics types use it. See
    http://blog.csvance.com/?p=39

  • Chris

    the information isn’t really accurate, or at least that program you linked doesn’t display them accurately… I couldn’t see the streets that I travel often, there are just dots all over the area that I’m living in

  • Zachary Kline

    Yes, the fact that he information is not encrypted is a minor cause for concern. Is this a malicious plot on Apple’s part to sell our locations to ad providers or someone worse? Possibly, but I think not. My gut instinct says there’s nothing to really worry about here, though someone will almost certainly try to make the case that there is. Call me naive or trusting, but I refuse to get into a panic about something like this.

  • Walker

    Anytime a company uses personal information like for instance a history of our whereabouts and doesn’t tell us about it IT’S INSIDIOUS. Yes, of course, it’s insidious. And it’s arrogant on their part. And it’s worrisome. These guys, Jobs included, must think of themselves as Gods.

  • Johann

    Non issue. Folks are too uptight. Why should I care if somebody knows where I am, or where I’ve been?

  • BMWTwisty

    So, uhhh, if you’re that paranoid, would turning off “Find My iPhone” eliminate the problem? It might.

  • paul

    Like this feature :) Great app!!

  • poppa1138

    I thought all mobile networks did this, who cares…

  • Bob

    This statement:

    “Apple knows everywhere you’ve ever been since the moment you started using your device.”

    is completely inconsistent with this statement:

    “The good news here is that the information being stored isn’t being sent to Apple, or any other third-parties.”

    This is, on the other hand, completely consistent with my impression that you are one of the worst writers/bloggers that I have encountered.

    You should retract this post.

  • Kira

    The guy’s surname is WarDen, not WarRen.

  • Conchuir

    They don’t actually use the data! It isn’t sent to them, please, read the post before commenting.

  • Me

    I know i nice song, it’s called paranoid! :-) who cares!

  • B1937

    They didn’t inform me, thats BAD. It is not secure, that is very BAD. I have no idea why this bothers me so. But it does. I guess I do not have anything to hide, now. But I may find that I will some day, eh? Sorry Apple, this is Your BAD. Fix it!

  • Waxwing1

    How does Apple know(s) everywhere I’ve been if the information hasn’t been sent to Apple?

  • Tom Losh

    My personal opinion is that ANY tracking should require the *informed consent* of the user, and should be something that *by default* is turned off.

    Again, personally, I don’t mind all that much so long as it is under my control and readily accessible to me, but *I* need to know such things are happening, and *I* need to be able to make those decisions.

    This is *not* something that I am willing to cede to *any* random party – I should be informed before it is done and I should have the ability to block it at will.

    Tomas
    47.2030, -122.5357

  • buggietechnica

    They can do this but they can’t get a phone call to last more than 5 minutes without dropping? Priorities Apple… priorities.

  • buggietechnica

    This is exactly how Apple (and other controlling entities) want you to behave. Information is power. They can use this information for valuable analytics… and likely will. And if it is compromised and made public, every potential mate and employer will know you spend too much time at that naughty place.

  • Joseph

    But you understand that if you’re using a mobile phone, the phone and the network have to know where you are. Arguably it doesn’t need to be stored on your phone but the network will 100% keep the information (i.e. they will “track” you and keep a history of it) because the information is critical to their business. If you don’t want to be “tracked”, you shouldn’t carry a mobile phone.

  • olal

    I’m staying with my old Nok, it chunks battery but its GPS works smooth in Europe.

  • Simeon Latham

    is it OSX only?

  • clouseonline

    i use Mobile Spy http://www.mobile-spy.com/ipho… totrack all types of information of my iPhone. this is good stuff

  • River Ho

    I’m not good money for this, because http://omegaspy.com allows I use gps  for free

About the author

John BrownleeJohn Brownlee is a Contributing Editor. He has also written for Wired, Playboy, Boing Boing, Popular Mechanics, VentureBeat, and Gizmodo. He lives in Boston with his wife and two parakeets. You can follow him here on Twitter.

(sorry, you need Javascript to see this e-mail address)| Read more posts by .

Posted in News, Top stories |