Security researchers unveiled the scandalous discovery that Apple’s iPhone and iPad are recording the user’s geographic location to a secret file.
Revealing the discovery at the O’Reilly Where 2.0 Conference in Santa Clara, researchers Alasdair Allan and Pete Warden said that iPhone and iPad have been "storing a long list of locations and time stamps" ever since the iOS 4 update.
"We’re not sure why Apple is gathering this data, but it’s clearly intentional, as the database is being restored across backups, and even device migrations," they wrote on the O’Reilly Radar blog.
The researchers also showed that the data file was "unencrypted and unprotected" and is transferred to any computer that has been synched with an iOS device. The file can be accessed on the iPhone or iPad.
Allen and Warden published an OS X application which, when run on a system that syncs with the iPhone or iPad, it will extract the hidden file from automatic backups and visualises the data on a map. The Mac iPhoneTracker application can be found here.
Thankfully the pair also pointed out that the file did not appear to be sent anywhere without the users knowledge. However Allen’s phone was also shown to have stored "hundreds of thousands of wireless access points" which the phone had been in range of over the past year.
The astounding ramifications of the discovery include the fact that any lost or stolen iPad 3G or iPhone can reveal the entire movement patterns of the owner, so too a lost or stolen laptop which had synced to an iPad or iPhone.
A Guardian report suggested that Apple will be legally in the clear due to a section of Apple’s massive iTunes terms and conditions which says: "Apple and our partners and licensees may collect, use, and share precise location data, including the real-time geographic location of your Apple computer or device."
At the Where 2.0 conference, Allen and Warden speculating on why Apple might record the data, suggested it might be something to do with Apple’s new Geofencing functionality.
"I love the company, I was just pretty sad to discover this was how they were handling my location data. It just bummed me out really," said Warden.
Allen and Warden’s talk at Where 2.0 is below: