Security Researchers Reveal iPhone And iPad 3G Record Location Data In Hidden File

iPhone Location

Security Researcher Alasdair Allan at the University of Exeter has revealed that iPhone and iPad 3G regularly tracks your iOS device and records the co-ordinates along with timestamp in a hidden file.

Allan and Pete Warden will speak about this topic at O’Reilly Where 2.0 Conference that started yesterday at Santa Clara, CA.

Allan has provided the following details about the information that is being recorded:

All iPhones appear to log your location to a file called “consolidated.db.” This contains latitude-longitude coordinates along with a timestamp. The coordinates aren’t always exact, but they are pretty detailed. There can be tens of thousands of data points in this file, and it appears the collection started with iOS 4, so there’s typically around a year’s worth of information at this point. Our best guess is that the location is determined by cell-tower triangulation, and the timing of the recording is erratic, with a widely varying frequency of updates that may be triggered by traveling between cells or activity on the phone itself.

Allan has raised privacy concerns as the hidden file is also backed up to your computer when you sync it, in unencrypted and unprotected form.

There is currently no evidence to suggest that this file is being uploaded to Apple servers but the researchers point out:

“Apple has made it possible for almost anybody – a jealous spouse, a private detective – with access to your phone or computer to get detailed information about where you’ve been.”

The researchers have created an application called iPhone Tracker (download link) that can be used to look at the contents of the hidden file. They have also reached out to Apple for comment but haven’t received a response yet.

If you’re worried about someone accessing this file then you can encrypt the iPhone backups through iTunes (click on your device within iTunes and then check “Encrypt iPhone Backup” under the “Options” area).

You can checkout the video that shows the data points pulled from an iPhone backup plotted on a map:

Are you worried that Apple is recording your location data?

[via O'Reilly Radar]

Like this post? Share it!

  • Apel

    no not really

    • Zolk

      I am quite scandalised. I await a *prompt* response from Apple.

  • Bpel

    Yes. Actually.

  • Cole

    I mean.. They have ways to look up your location at any time anyways so I’m not too concerned with it. Now if they started basing adverts and crap off location and being annoying, then I’ll care

    • Manderson

      It’s funny because they do. I live in the SF Bay Area, and I get adverts that often times focus right in my neighborhood.

      • Zang

        So you want irrelavent ads and spam?

        I think it’s good that where ever I am I have up to date ads that are focused on my CURRENT location.

        Maybe they should delete the log every update that is made, but still I think the data is needed. It causes no privacy issues where you LAST where, as that person using your phone is the last place.

  • Scrooge

    This is BS. This “feature” should be made optional and people have a right to be aware of it. Hiddenly incorporating something like this in iPhones and iPads is a sneaky act.

  • jew

    another step for world order

  • Zoran

    I mostly think this is just for wifi connections, since if you in a area that you clicked forget network, it will remember it a month later.

    • Mandeep

      Nope this is not for Wifi tracking, this is using cell tower triangulation. I looked at the consolidated.db file in detail, there are several tables, cell location is the main one that tracks the details, for most part I personally found it to be benign, it shows me in the vicinity sometimes within a couple miles. There is a Wifi table that tracks all the Wifi locations along with their mac addresses, but doesn’t mean I’d connected my device to them.

  • Tank84

    Now I will finally know if my girl has cheated on me on that day

  • John

    This is nothing new. We can turn off gps and location services, but to receive a phone call, we’ll still have to be tracked. How else do you think the call narrows you down to the nearest cell tower?

    People are over reacting over something that is so common, every smartphone has it. It’s like using your credit card at walmart then saying your credit card company is spying on you because the receipt tells them which walmart you were at and what time you made the purchase.

  • http://web.me.com/loubakastan stan69b

    it is quit scary , but it is not accurate at all . moreover , if you encrypt your backups , you shouldn’t be too worried about it . The main concern would be a cheating wife or husband , and as i said , it is not accurate enough to give an adress. It’s not the first time we find apple tracking our lives with iphones , if you remember , there is an applekill switch …. i’m pretty sure if you read the legal notices , the mention this so we , apple customers are technically aware of this and we accept their terms and condition …… this is how to bypass the system …… legal notices longer then the bible.

  • Kiwiholden

    Wifi goes by the name (SSID) not your location! If the name is changed it’ll pop back up and if two wifi have the same name it’ll try login with the last password used

  • F**k you

    Who cares… Let my spouse see where I’ve been… I’m not a cheater!

  • Tim says fighter jet games

    Hi Thanks for the information I would “Encrypt iPhone Backup” under the “Options” area. Privacy is always a big concern with new technology.

  • Tony

    Combine this with what the Michigan State Police are doing and it does start to get scary. (If you don’t know, they have begun extracting all photos, contact lists, text messages, and GPS data from cell phones of anyone stopped for any reason… just don’t confuse ‘anyone’ with ‘everyone’ as the hardware is too expensive to be given to every officer.) So if you pulled over they now have a permanent record of everywhere you’ve been since you updated to iOS4.

    Yes, the data technically occurs in most cell phones, but most cell phones don’t make essentially permanent and unencrypted databases of the data. And, FYI, the hardware used by police bypasses password locks on at least 3000 devices.

  • Fingers21

    Why would I worry? I have nothing to hide! Invasion of privacy? Maybe, but there are other possibilities, like tracking dodgy folk, ie terrorists!

    • Zolk

      Riight … so you think Apple Corp. are the police now?

  • http://www.motorbeam.com/ fas

    And Apple says they are the best in security.

  • azure

    how can i download iphonetracker windows version..?

    • Mandeep

      I don’t believe there is a window version. They have made the code open source.. just in case anyone wants to compile a windows version.

  • SALVADORIAN SOLDIER REPRESENTING USA

    ALL THIS DRAMA STARTED AS SOON AS THE SMARTPHONES CAME OUT…SO…SOMEONE MUST BE TRACKING UR B@TT………
    DUH!
    :p

  • kraken

    Is it safe to remove consolidated.db? I found two copies of it on my phone. It would be fairly simple to write a script to remove it and schedule it to run regularly in crontab.

    • Mandeep

      I don’t know what the implications of removing the db file would be. There’s a jailbroken app called untrackered that runs in the background and cleans up the entries from this file. That would be the best bet. I am also certain Apple will fix this in the next release, I read some blogs related to that today.

  • зло

    If its true Bye Bye Iphone like forever and ever !!! Nothing else smart any normal man cant say .Only if love 2 live in matrix !

  • youtube video download

    I was recommended this blog via my cousin. I am not sure whether this submit is written through him as no one else recognize such distinct about my trouble. You’re amazing! Thank you!