UPDATE: BigBoss has released Untrackerd, an app that will continuously clean up locationid’s history data in the background. This is a must have for iPhone & iPad 3G users that don’t want their location continuously logged! The package installs a daemon (process that can run in the background) to clean the consolidated.db file. No new icons are added to your homescreen and there are no options to configure.. Of course, your device has to be jailbroke in order to install it.
Yes, you read that right… Apparently a hidden file in iOS 4 is regularly recording the position of devices, according to Alasdair Allan and Pete Warden over at O’Reilly Radar:
Today at Where 2.0 Pete Warden and I will announce the discovery that your iPhone, and your 3G iPad, is regularly recording the position of your device into a hidden file. Ever since iOS 4 arrived, your device has been storing a long list of locations and time stamps. We’re not sure why Apple is gathering this data, but it’s clearly intentional, as the database is being restored across backups, and even device migrations.
The presence of this data on your iPhone, your iPad, and your backups has security and privacy implications. We’ve contacted Apple’s Product Security team, but we haven’t heard back.
What makes this issue worse is that the file is unencrypted and unprotected, and it’s on any machine you’ve synched with your iOS device. It can also be easily accessed on the device itself if it falls into the wrong hands. Anybody with access to this file knows where you’ve been over the last year, since iOS 4 was released.
I don’t know about you but this is pretty upsetting news to me, and I’m not even an iDevice owner. They also posted the following video, discussing how they discovered the file:
Allan and Warden go on to say the following, which includes a tip on a step you can take to encrypt your location data:
What information is being recorded?
All iPhones appear to log your location to a file called “consolidated.db.” This contains latitude-longitude coordinates along with a timestamp. The coordinates aren’t always exact, but they are pretty detailed. There can be tens of thousands of data points in this file, and it appears the collection started with iOS 4, so there’s typically around a year’s worth of information at this point. Our best guess is that the location is determined by cell-tower triangulation, and the timing of the recording is erratic, with a widely varying frequency of updates that may be triggered by traveling between cells or activity on the phone itself.
What are the implications of this location data?
The cell phone companies have always had this data, but it takes a court order to access it. Now this information is sitting in plain view, unprotected from the world. Beyond this, there is even more data that we have yet to look at in depth.
For example, in my own case I (Alasdair) discovered a list of hundreds of thousands of wireless access points that my iPhone has been in range of during the last year.
How can you look at your own data?
We have built an application that helps you look at your own data. It’s available atpetewarden.github.com/iPhoneTracker along with the source code and deeper technical information.
What can you do about this?
As we note around the 20-minute mark in our video discussion, an immediate step you can take is to encrypt your backups through iTunes (click on your device within iTunes and then check “Encrypt iPhone Backup” under the “Options” area).
It will be very interesting to see what Apple’s reaction is to this discovery…
What do you think about this? Let us know what you think in the comments below!
Source: O’Reilly Radar
About the Author (Author Profile)
Co-owner and PR guy for GizmoNinja.com. I’m happily married and a father to a wonderful (most of the time) son. I work in the E9-1-1 software/data industry by day and am a tech loving geek in my spare time. I’m interested in all things tech, but am big into Android especially. I dabble in a little of everything – Android development, PC development, web development, etc – but am a master of none (not even close)… But I have fun doing it anyway! =P