Apple Tracking User Movements, Researchers Claim

Two researchers discovered their iPhones have been tracking their locations since upgrading to iOS 4

If you have an iPhone running iOS 4, or a 3G-equipped iPad, Apple is and has been tracking your every move, Pete Warden and Alasdair Allan at O’Reilly Radar recently figured out. Warden is a former Apple employee and Allan is a senior research fellow at the University of Exeter in England.

Checking into Foursquare from a smartphone, for example, shows a time stamp giving a longitude and latitude record of the user’s location. The difference, where the iPhone and iPad are concerned, is that there is no obvious opting in. It appears that Apple does tell users in the fine print of its iTunes Terms and Conditions (see below), which users have to accept, as written, to access the iTunes store.

A Hundred Location Checks Each Day

Apple has just been going about noting the whereabouts of each device approximately 100 times a day, according to Allan and Warden.

“We’re not sure why Apple is gathering this data but it’s clearly intentional, as the database is being restored across backups, and even device migrations,” the pair wrote in an April 20 blog post.

“What makes this issue worse is that the file is unencrypted and unprotected – and it’s on any machine you’ve synched with your iOS device,” the two continued. “It can also be easily accessed on the device itself if it falls into the wrong hands. Anybody with access to this file knows where you have been over the last year, since iOS 4 was released.”

Warden and Allen found the location data in a file called “consolidated.db”. It contains latitude-longitude coordinates with a timestamp, and some other collection parameters that are less clear. It appears that Apple has been collecting the data since the launch of iOS 4. Warden explains, in a video on the site, that since upgrading to iOS 4 he switched from an iPhone 3GS to an iPhone 4 to another iPhone 4, after dropping the first one – but his location data was seamlessly collected throughout that time.

Analyst Ken Hyers, with Technology Business Research, says that tracking mobile phone users is a practice that has gone on for years and is necessary to support 911 calls from mobile phones.

“But the location data collected by the mobile operators is protected and can’t be accessed without a court order,” Hyers told eWEEK. “Many smartphone apps on Android, Apple and BlackBerry devices also collect location data and, in fact, cannot function properly without [it]. Popular apps such as Layar require location information in order serve up location-based information. But this data is anatomised, protected and, as far as I know, not stored locally on the phone.”

Collecting and storing data on the phone, however, unsecured and without users’ knowledge, is another thing all together.

“I think Apple has really fallen down on the job here,” Hyers said. “They need to quickly develop and upload a fix that secures the data and gives the user a way to manage and remove it if they wish. Apple also needs to clearly explain why the data is being collected and what, if anything, it intends to do with the data. ”

While Warden and Allan are unsure what prompts the timing of the OS’s location recording, which is erratic – they have reached out to Apple’s Product Security team but have not heard back – the location information is likely determined by cell tower triangulation. The pair created and are offering an application that offers a visual representation of the data.  In the on-site video, you can watch a device travel from Washington DC to New York on an Amtrak train.