How much does your iPhone really know about you? Quite a bit, it seems. Two software hackers have found that iPhones and 3G-enabled iPads keep a running log of where their users go, and when, and warn that such information could easily fall into the wrong hands. Here, a brief guide:
What's going on?
Two hackers, Peter Warden and Alasdair Allan, discovered a file in Apple iOS 4 that stores a list of locations and time stamps — essentially where the iPhones and 3G-enabled iPads have been, and when. "We’re not sure why Apple is gathering this data, but it's clearly intentional, as the database is being restored across backups, and even device migrations," say Warden and Allan.
Can users access this information themselves?
Yes. Warden and Allan have even written an open-source application that you can run on your computer. It displays all the location information on a map. (Check it out here.) "I've downloaded and run the program and can confirm that it lets me retrace my movements over the past 10 months with a scary level of precision," says Dan Moren at Macworld.
Does this affect every iPhone?
It appears the location information files are only on newer AT&T iPhones. Yes, that "means Verizon iPhone users aren’t impacted by this — at least for now," says Jeff Gamet at The Mac Observer.
How long has this been going on?
It seems to have been happening since around the time Apple released iOS 4, in June 2010.
Why is Apple doing this?
The company isn't commenting, so speculation abounds as to why they're keeping this data. "It's likely Apple stores it for testing purposes," says Moren. Warden and Allan think it's part of Apple's plan to have "geo-fencing capabilities" — a system that would send a notification when a device leaves a certain area. Apple could have "new features in mind that require a history of your location," Warden says. "The fact that it's transferred across devices when you restore or migrate is evidence the data-gathering isn’t accidental."
What sort of privacy issues does this raise?
Big ones. "Apple has made it possible for almost anybody — a jealous spouse, a private detective — with access to your phone or computer to get detailed information about where you've been," Warden says. A hacker could even remotely break into the gadget to get the information. Allan notes that cell providers have long had access to all this information. Sure, says Warden, but in order for someone — say, law enforcement officials — to obtain that data, they've had to go to extreme lengths. Now, it could be a whole lot easier.
What does this mean for Apple?
"This news is a blow to Apple, especially as it touted improvements to location privacy when it rolled out iOS 4 last year," says Moren. Yes, and Apple could be in trouble with the law, says Sharon Nissim of the Electronic Privacy Information Center. They may be violating the Wireless Communications and Public Safety Act.
What can users do to protect themselves?
Users can better protect their privacy, slightly, by encrypting their iPhone backup files, which are stored on their computers, and requiring a password to access them. (Gamet explains how here.) Setting a password to use your iPhone itself also helps a little. But there is no way to erase the sensitive data from your phone or computer.