iPhone 4 & 3G iPad secretly tracking your every movement

Much is made of privacy and security in the digital age and while a lot of it seems overblown there are things to be concerned about. In a worrying development, UK security analysts announced at Where2.0 conference, the discovery that Apple’s mobile operating system, iOS 4, used in iPhone 4s and 3G iPads, has been keeping track of everywhere you go and have gone.

According to Alasdair Allan and Pete Warden, the security analysts and founders of DataScience Toolkit, using data triangulated from signal towers the iOS 4 device saves both the latitude and longitude of the users movement with a time stamp onto a hidden file onto the device. That data, when synchronised with a computer is then again secretly saved to yet another hidden file on the synchronising computer. Though the co-ordinates as they discovered aren’t always accurate, it is at best, uncomfortable how detailed they are.

As Allan and Warden explain, “We’re not sure why Apple is gathering this data, but it’s clearly intentional, as the database is being restored across backups, and even device migrations.”

Taken alone, it is concerning enough that in the year since iOS 4 has been released Apple has never mentioned that its mobile operating system does this.

However, according Allan & Walden, the files on both the device and a computer being neither protected nor encrypted, anyone who got access to your computer or device would easily be able to access the file named “consolidated.db.” To access this secret data wirelessly, though somewhat difficult, is not an impossible task.

Allan & Warden have created an application which helps users to view their own data along with the source code and deeper information for the technically minded. They also advise users of iOS 4 that they can encrypt their data through iTunes, by clicking on the device and checking the “Encrypt iPhone Backup” in the “Options” area.

Mobile telephone companies have always had access to this data, but in order for a 3rd party to access it, a court order was needed. As Allan and Warden are at pains to point out, there is no evidence that this data is in any way being transmitted to anyone. At the same time, seeing as Apple’s Product Security team, when contacted did not reply, the important questions of “why this data is being stored?” along with “what are Apple’s intentions with it?” must still be answered.

Alasdair Allan and Pete Warden discuss their research and findings