British security researchers have figured out that iPhones keep track of where their owners go, saving data to the device and uploading it to a user’s computer when the phone is synced with iTunes. The data includes the phone’s latitude and longitude and is timestamped to the second, all of which is recorded in a hidden file--which is very much not secure.
This could theoretically be useful for anyone interested in knowing where an iPhone owner spends his or her time — advertisers, employers, spouses, parents.“Apple have made it possible for anyone from a jealous spouse to a private investigator to get a detailed picture of your movements,” according to researcher Pete Warden.
To be clear, such a snoop would need access to your phone or computer and a way to extract and refine the data. It is not sent to Apple nor any third parties, as far as the researchers can tell — it’s just stored on an individual user’s devices. But it is apparently not very difficult to extract the location data from a user's computer.
Warden and Alasdair Allan say they tried to find similar location tracking code on Android phones, but could not find anything. “We haven't come across any instances of other phone manufacturers doing this,” Warden tells the Guardian.
Given Google’s penchant for location tracking and mapping, the alarm is perhaps surprising — Google’s “Latitude” app lets users see their friends on a map, for instance. But Latitude requires that users actively choose to track their location information; in this case, the user is unaware of the data collection. The Guardian reports that Apple did not comment on why the file was created or whether it could be disabled. If you upgrade to a new phone, the file is transferred to that next-generation device, which the researchers say means the data collection is not accidental.
Warden — who has previously worked for Apple — and Allan created their own app that finds the hidden file among the stored backup files on a Mac and turns it into a map. If you don’t care to visualize your travels, Warden explains how to find the file on his website.