iOS 4 stores a history of your whereabouts in an unencrypted file


April 20, 2011

It has been discovered that iPhones running iOS4 maintain a location-tracking database, that is stored in an unprotected, unencrypted file

It has been discovered that iPhones running iOS4 maintain a location-tracking database, that is stored in an unprotected, unencrypted file

If you own an iPhone or 3G iPad running iOS4, then you might be interested in knowing that the device has been keeping a record of your travels in a hidden, unencrypted file. Users do not opt into using the service, the database is restored after backups, and it migrates onto other synced devices. While no one is necessarily accusing Big Brother Jobs of watching you, it is a curious feature, and one that could pose a security threat to some users.

As first reported this morning by tech bloggers Alasdair Allan and Pete Warden, the record consists of a list of latitude-longitude coordinates and time stamps, outlining where your device (and presumably you) has been. As it appears to have started with the introduction of iOS4, there will currently be about a year's worth of travels within the file. It is guessed that the device's location is determined by cell-tower triangulation, and is updated when the device is used, or by traveling between cells.

The data is contained in a file labelled consolidated.db, which is unencrypted and accessible to anyone with access to your device – provided they know where to look. In an explanatory video on the O'Reilly tech blog, Allan and Warden state that users can address the problem by encrypting their backups through iTunes. The pair also offer an application that allows users to see the existing database on their own device.

There is currently no indication that the data is being sent to Apple, or any other parties. Phone companies already collect the same information, but it is inaccessible to outside parties without a court order. Applications such as Foursquare and Mobile Me also track the device's location, but users must opt-in to use them.

At the time of this posting, Apple's Product Security team has reportedly not responded to Allan and Warden's inquiries.

Update: Alex Levinson has published a blog post explaining, among other things, that this discovery is not new.

About the Author
Ben Coxworth An experienced freelance writer, videographer and television producer, Ben's interest in all forms of innovation is particularly fanatical when it comes to human-powered transportation, film-making gear, environmentally-friendly technologies and anything that's designed to go underwater. He lives in Edmonton, Alberta, where he spends a lot of time going over the handlebars of his mountain bike, hanging out in off-leash parks, and wishing the Pacific Ocean wasn't so far away. All articles by Ben Coxworth

This is unacceptable. Who is big brother now Macintosh? I heard a good quip about this on facebook. \"It\'s not your phone, it\'s Steve\'s phone.\"


No application is able to traverse memory space. So if you had the winning lotto ticket number on a text file in /opt/winning-lotto-ticket.txt on your iPhone4, no application will be able to access it.

What a crock....does Gizmag have nothing better to write about than a non-security-issue? Did you guys know there\'s a global conspiracy to prevent white iPhones from being distributed? Do you hear NCAA complaining? Let\'s see an article about that...

Nothing to see here. Move along.

Don Montalvo, TX

Post a Comment

Login with your Gizmag account:

Related Articles
Looking for something? Search our articles