iPhone Location Tracking: Just a Bug?

The idea that Apple's iPhone tracks the location of users and stores the data in an unencrypted file might sound nefarious, but it may actually be a simple error, according to one well-connected Apple blogger.

Over at Daring Fireball, John Gruber cites an unnamed source who says the location-tracking file generated by the iPhone is either a bug or an oversight. The file in question, consolidated.db, acts as a cache for location data, but the storage of historical data wasn't supposed to happen, the source said. Gruber guesses that the next iOS update will ensure that historical location data is regularly wiped.

Researchers Alasdair Allan and Pete Warden posted their findings to O'Reilly Radar on Wednesday. The location tracking uses cell tower triangulation rather than GPS, so it's not terribly accurate, and there's no evidence that Apple is collecting the data. But the file is accessible to anyone who can access an iPhone or the PC to which it's synced, providing a rough approximation of the user's recent whereabouts. Selecting "Encrypt iPhone backup" in the options menu of iTunes will secure that data.

There's just one problem with Gruber's theory that the whole thing is a misunderstanding: the consolidated.db file has been known about for months, and previous version of iOS used a similar file with a different name. Alex Levinson, a student at Rochester Institute of Technology, has already written about the iPhone's location tracking in a research paper and a book, iOS Forensic Analysis. In fact, police already access location data when scanning phones for evidence, Levinson wrote in a blog post.

Even if Levinson's findings didn't land on the tech press radar--though they should have--it's hard to believe that Apple didn't know about it already. If the iPhone's location tracking is just a bug, Apple should've been fixed before it became a PR fiasco.

In any case, Apple is now getting heat from politicians over the matter, including Rep. Ed Markey and Sen. Al Franken. Germany is also asking questions. Hopefully Apple will come up with some answers instead of just fixing the file and pretending the whole thing never happened. So far the company hasn't commented.

Follow Jared on Facebook and Twitter for even more tech news and commentary.

Subscribe to the Security Watch Newsletter

Comments