There’s a bit of a stink going on – even in major media – about something iOS 4’s been doing. Apparently, iOS 4 has been storing a list of locations and timestamps to a hidden, but readable file in a standard database format. The locations are triangulated using cell towers, and generally aren’t as accurate as for instance GPS. Still, the file is stored without any form of protection on both your iPhone as well as your desktop.
This isn’t entirely new information, but Alasdair Allan and Pete Warden made a nice tool to visualise your own data, making it all a bit more tangible. It isn’t new information since this database file has been known in smaller circles for a while now. Of course, this has been causing a pretty big stink, and rightfully so – partially. Yes, this is bad – but no, it’s not as bad as some make it out to be.
First and foremost: Apple is not collecting the information. It’s stored on your iPhone, and on your desktop through iTunes backups. Apple does not collect the information from your iPhone, and it doesn’t collect it from iTunes either. So, any headlines that claim Apple is collecting this information is wrong, since it’s actually iOS that’s doing the collecting. It seems like a minor distinction, but since it only takes three links to turn a kiss on the cheek into a steamy night of passion, it’s a good idea to emphasize this.
Second, this information can technically be abused, but only if any malicious person has either physical access to your device or computer, or, of course, by using a security hole. Even then, I wouldn’t really know what anyone would do with this. I mean, if you’re interesting enough for someone to track your location, you’ve probably got bigger problems.
That doesn’t however, make it right. Some people are claiming this is not a problem at all, but they are wrong. First, Apple does not ask your permission to track your location this way; you can turn of GPS tracking, but not this cellular tracking. Second, it is not stored in a secure way, but naked and open. This is bad.
Overall though, this information could be very useful to law enforcement, but those guys can get court order access to the same data from carriers. You could be cynical and wonder if it is potentially easier to obtain a court order for a suspect’s phone than for carrier records, but alas, I’ll leave that for the law enforcement experts (I believe we have an active commenter who works for law enforcement – wink wink) to figure out.
I’m guessing this is nothing more than a bug which will be fixed in the next iOS point release. It’s been overblown – but it shouldn’t be underestimated either. If you have your device jailbroken, you can search for the Untracked application to continuously clean the database file. You can turn on encryption in iTunes for your iOS backups, too.
Why wait for apple to fix it when they want? You have to wonder.. it took effort to design and code this capability, one has to wonder why.
Get an open source OS and fix it quicker.