Your iPhone keeps an unencrypted record of your movements
If you are an owner of an iPhone or a 3G iPad, you’ll probably want to know that your location – along with a timestamp – is recorded by the device and stored into a file called “consolidated.db,” which is then copied on the computer to which you synchronize the device.
The file and its contents were discovered by Alasdair Allan and Pete Warden, two researchers that were collaborating on some data visualization projects and were curious whether they could do a visualization of mobile data.
During their search for it, they discovered the aforementioned file and analyzed it. It turns out that the data it contained allowed them to make a rather detailed visualization of how the phone – or rather his owner – moved about during a great period of time.
The file containing the data is found only on the device and on the computer with which it is synchronized, and there is no evidence that Apple is syphoning the data remotely. But why is this information collected and stored in the first place?
The researchers that it’s unclear, but that their best guess is that Apple has some new features in mind for the future, and that they will be needing the data to work properly. “The fact that it’s transferred across devices when you restore or migrate is evidence the data-gathering isn’t accidental,” they commented.
But the biggest problem at the moment is that this file and its counterpart on the computer are not encrypted and are, thus, easily readable by third parties. “By passively logging your location without your permission, Apple have made it possible for anyone – from a jealous spouse to a private investigator – to get a detailed picture of your movements,” they said. And that’s without needing a court order.
According to their research, the data begun to be collected and stored in June 2010, with the release of iOS 4. The researchers said they contacted Apple’s Product Security team to ask them about the collected data, but received no response so far.
In the meantime, they developed an open source application that maps the information present in the file on the mobile device or on the computer. In order to demonstrate their point, but foil potential snoopers, they artificially reduced the spacial and temporal accuracy of the data.
“You can only animate week-by-week even though the data is timed to the second, and if you zoom in you’ll see the points are constrained to a grid, so your exact location is not revealed. The underlying database has no such constraints, unfortunately.”