Two security researchers have discovered that iPhones and 3G-equipped iPads regularly record and store location information to a hidden file that is backed up to iTunes and even transferred to new devices. While the information isn’t necessarily accessible to remote hackers, the researchers noted that it does raise some important concerns about privacy.
Researchers Alasdair Allan and Pete Warden announced this morning that they are presenting their findings at the Where 2.0 conference on Wednesday. “Ever since iOS 4 arrived, your device has been storing a long list of locations and time stamps,” the pair noted in a post to O’Reilly Radar. “We’re not sure why Apple is gathering this data, but it’s clearly intentional, as the database is being restored across backups, and even device migrations.”
Warden developed software to view and analyze the database of locations stored by your iOS device, a copy of which is likely sitting unencrypted on the computer with which you sync your iPhone or iPad. The pair advised that turning on backup encryption in iTunes is an easy way to protect the information from leaking, though anyone with physical access to your iDevice could potentially access and analyze the database.
We have contacted Apple and several security experts to get a better understanding of the privacy and security implications of Allan and Warden’s findings. Keep an eye out for our in-depth analysis on the issue later today.