British security researchers have figured out that iPhones keep track of where their owners go, saving data to the device and uploading it to a user’s computer when the phone is synced with iTunes. The data includes the phone’s latitude and longitude and is timestamped to the second, all of which is recorded in a hidden file–which is very much not secure.
This could theoretically be useful for anyone interested in knowing where an iPhone owner spends his or her time — advertisers, employers, spouses, parents.
“Apple have made it possible for anyone from a jealous spouse to a private investigator to get a detailed picture of your movements,” according to researcher Pete Warden.
To be clear, such a snoop would need access to your phone or computer and a way to extract and refine the data. It is not sent to Apple nor any third parties, as far as the researchers can tell — it’s just stored on an individual user’s devices. But it is apparently not very difficult to extract the location data from a user’s computer.
Warden and Alasdair Allan say they tried to find similar location tracking code on Android phones, but could not find anything. “We haven’t come across any instances of other phone manufacturers doing this,” Warden tells the Guardian.
Given Google’s penchant for location tracking and mapping, the alarm is perhaps surprising — Google’s “Latitude” app lets users see their friends on a map, for instance. But Latitude requires that users actively choose to track their location information; in this case, the user is unaware of the data collection. The Guardian reports that Apple did not comment on why the file was created or whether it could be disabled. If you upgrade to a new phone, the file is transferred to that next-generation device, which the researchers say means the data collection is not accidental.
Warden — who has previously worked for Apple — and Allan created their own app that finds the hidden file among the stored backup files on a Mac and turns it into a map. If you don’t care to visualize your travels, Warden explains how to find the file on his website.
The researchers believe the location data is obtained by triangulating the phone’s position against the closest cell phone towers, which uses less battery power than GPS. It also explains why some of the data is incorrect, as triangulation is much less precise than GPS. But the data is still alarmingly accurate, tracking your history as an iPhone owner through the months and years. Forgot that you took that trip to Boston last summer? Your iPhone didn’t.
It’s not clear how this information would be used, but there are several possible explanations, including targeted mobile advertising, synchronization for location-based networks like FourSquare, understanding commuter habits, and so on.
Allan found the file while the pair were working on how to visualize mobile data, having already collaborated on other data-visualization projects including a radiation map for Japan. At first the researchers weren’t sure what it was, Warden explains on his website.
“After we dug further and visualized the extracted data, it became clear that there was a scary amount of detail on our movements,” he writes.
There is no real way to disable this logging at the moment, though you can encrypt your data to make it harder to read once it’s synced to your computer. This is a big enough problem that we expect Apple will respond at some point, so we’ll keep you updated if and when that happens.