On Wednesday, two researchers released an open source application called iPhone Tracker that pulls data from a hidden location history database contained in your iOS device’s backup files saved on your PC. The app then plots this location information on a map allowing you to see your phone’s travels over the past year. Your iOS devices have been building this location database since iOS 4 was released in June of last year, the researchers say.
The data appears to be based on cell tower triangulation and not GPS. This means the location information is not pinpoint accurate, but only shows your general location. The researchers also discovered in the database a list of Wi-Fi access points that your device has been in range of during the past year.
The researchers don’t believe this data is leaving your custody, but I disagree. My best guess is that it is leaving your device as anonymized and encrypted information that Apple then uses to build its cell tower and Wi-Fi access point database.
What Apple Said
In July 2010, Apple sent a letter to Reps. Edward J. Markey (D-Mass.) and Joe Barton (R-Texas) spelling out in detail what kind of location information Apple collects from device owners. Apple may “collect and transmit cell tower and Wi-Fi Access point information automatically [from your device],” the letter reads. “This information is batched and then encrypted and transmitted to Apple over a secure Wi-Fi Internet connection every twelve hours.”
It’s not clear if the location database the researchers found and the “batched” location information Apple takes from your device are the same file. But that seems very likely. I have sent a note to Apple about this and will update this post should the company reply.
The only troubling thing, however, is that Apple said in the letter that it encrypts your location data before sending it back to company servers. But the database on your computer is sitting there unencrypted in an easily discoverable location. This means the database is a potential target for malware or even law enforcement if the authorities should decide to seize and search your PC. Apple will need to do a better job of protecting this data in future iOS updates now that its existence has been well publicized.
What You Can Do
An important thing to note is that Apple says it will collect almost no location information from your phone if you don’t have location services turned on. To adjust your preference open up your device’s Settings app (the silver cog) and toggle ‘Location Services’ to ‘Off’ if you don’t want to be tracked.
Even then, location information is only collected when you are using an application that requires your location such as Foursquare or Facebook Places, according to Apple. The only exception to this rule is that Apple will automatically collect cell tower information when your GPS-enabled device has location services turned on and is searching for a cellular network. Phones typically search for a network after dropping a connection or when first powering on.
Apple started building its own cell tower and Wi-Fi database after introducing iPhone OS 3.2 in April 2010. Previously, the company had used data from Skyhook Wireless and Google and still does for devices still running iOS 3.1 or older.