Researchers Pete Warden and Alasdair Allan were looking for a way to visualize mobile data when they stumbled across a file in the iPhone and iPad 3G that records locations and timestamps, Allan wrote on O’Reilly Radar.
Digging deeper, the researchers found that the file, “consolidated.db,” contained the data for just about everywhere Allan had been since upgrading to iOS 4. The same was true of Warden’s file.
The data logs information across devices and syncs. It’s not clear what triggers data collection — the men theorize that it could be text messages, calls or traveling between cell towers, since data isn’t being collected from every place they’ve walked through. They believe the information is being collected deliberately, but do not know why.
The men have contacted Apple’s Product Security team but have not received a reply. Apple did not immediately respond to a request for comment on this post.
The researchers said that iPhone and iPad 3G owners can encrypt their backups through iTunes to address the issue.
There is no indication that it’s being transmitted beyond a user’s own devices, the researchers emphasized in a video explaining the file. But the data is not encrypted or protected, so if a users’ phone is stolen, the information would be extremely easy to extract.
Warden and Allan have created a program to allow users to look at their own data. They hesitated over whether or not to make the information public but decided that people should know about the data. To address concerns about their app, they watered-down the accuracy of the data the app visualizes and have promised that their app does not transmit the information.
Warden and Allan will be announcing their discovery at the Where 2.0 location services conference on Wednesday. Allan is a senior research fellow at Exeter University. Warden is a former Apple employee. On the application’s download page, both men said they are “big fans of Apple’s products and take no pleasure in uncovering this issue.”
For a complete explanation of the discovery and the program, check out the researchers’ 20-minute video here: