http://bits.blogs.nytimes.com/2011/04/20/3g-apple-ios-devices-secretly-storing-users-location/
April 20, 2011
3G Apple iOS Devices Are Storing Users' Location Data
By NICK BILTON
A hidden file on the Apple iPhone 4 and iPad 3G has been found to store location information.
This privacy glitch was discovered by two programmers, Alasdair Allan and Pete Warden, who presented their findings at the location-centric O'Reilly Where 2.0 conference in San Francisco.
The file, which is called "consolidated.db," keeps track of GPS data on 3G-enabled Apple devices and regularly updates itself with a user's location. The image above shows data collected from a single trip between New York City and Washington. Information that is stored on the phone is also sent to the iTunes application when a user syncs or backs up an iPhone or 3G iPad.
In a blog post on the O'Reilly Radar Web site, Mr. Allan said, "The presence of this data on your iPhone, your iPad, and your backups has security and privacy implications." The two programmers have contacted Apple's product security team but said they had not yet had a response.
Apple has also not responded to a request for comment from The New York Times.
Mr. Warden said he had built a free downloadable application that allowed users to see the data collected about them through their iOS device. Once downloaded, the app maps the information that your iPhone has recorded and stored about your previous movements.
The programmers warned iOS owners not to panic -- yet. Beyond the issue of the information being stored, "how Apple intends to use it -- or not -- are important questions that need to be explored," wrote Mr. Allan.
Christopher Vance, a digital forensics expert specializing in mobile phones, wrote on his security blog that the location file is storing multiple types of location-based information from a user's phone at any moment in time. These include the location of the nearest cellphone towers and any WiFi locations an iPhone users passes by, Mr. Vance wrote.
A cellphone owner's location information has always been stored by cellular carriers, but has been available in the past only through a court order approved by a judge. Making the file visible and unencrypted on iOS devices could make it available to anyone who gains access to the phone.
The video below shows the two programmers presenting their findings.
http://www.youtube.com/watch?v=GynEFV4hsA0&