You may not know where you’re going in life, but you always know where you’ve been—and so does your iPhone. According to a story in The Guardian on Wednesday, the iPhone (and the 3G-enabled iPad) keeps a running log of its location and copies that information to your home computer whenever you connect to it. As such, the information—complete with latitude, longitude, and timestamps—can be easily reconstructed to show a person’s movements.
Data scientists Pete Warden and Alasdair Allan discovered the cache of information; the two have written an application that you can run on your own computer to display the location information on a map, getting both an overview of every place you've been as well as stepping through the data by regular intervals.
I’ve downloaded and run the program and can confirm that it lets me retrace my movements over the past ten months with a scary level of precision. (Warden and Allan have obfuscated the data slightly in their application by showing information on a week-by-week basis, though they say that the data file it draws from goes down to the second.) The two scientists will be presenting their findings on Wednesday at the Where 2.0 conference in San Francisco.
According to Warden and Allan, the data seems to be compiled from cell tower triangulation, rather than GPS, which reduces its full precision (in my own investigation, I noted there also appears to be a log of Wi-Fi location data as well). My own map showed clusters around my home in Boston; the Macworld office in San Francisco, which I visit frequently; and other locations that I’ve visited in the past year, including Chicago and Houston. Zooming in further shows more detailed information, to the point of letting me isolate individual trips I’ve taken. And because the information is timestamped, you can theoretically even retrace steps on an extremely granular basis.
Furthermore, as the data logged on my computer dates back to before I bought my current iPhone 4, I can also confirm Warden and Allan’s statement that the information is carried from previous devices to new ones.
The purpose of the data itself is unclear, but it’s likely Apple stores it for testing purposes. And while the collection of the data is probably not intended as malicious, there is a degree of negligence in not only failing to informing users that their location is being tracked and logged, but also in not securely storing that information. As Warden and Allan point out, the data could fairly easily be retrieved by a suspicious spouse, private investigator, or some other third party. To date, though, Warden and Allan say there is no indication that the information is sent from users’ computers or iPhones to Apple or any other party.
While there is no way to easily remove the data from your phone or your computer, some degree of protection can be afforded by encrypting your iPhone’s backup file, which can be accomplished via iTunes, and setting a passcode on your device.
Still, this news is a blow to Apple, especially as it touted improvements to location privacy when it rolled out iOS 4 last year. Not only are location-aware applications required to ask a user before retrieving their location, but those features can be disabled on a per-app basis—or indeed, altogether—via iOS’s Location Services settings. Apple failed to respond to a request for comment by the time this story was published.