Apple iPhone users’ movements are being tracked and stored without their knowledge in a file that could easily be accessed by a snooping employer or jealous spouse, security researchers have found.
The continually-updated log is held on both the iPhone and the computer it connects to and contains a list of coordinates, and associated timestamps. The records go back to the release of the fourth iteration of the iOS operating system in June last year.
The true contents of the enigmatically-named file “consolidated.db” were discovered by two British software developers who were working on ways of visualising location data for websites.
“At first we weren’t sure how much data was there, but after we dug further and visualised the extracted data, it became clear that there was a scary amount of detail on our movements,” said Alisdair Allan and Pete Warden. Mr Warden previously worked for Apple in an unrelated area.
Mobile network operators keep records of users’ movements based on which masts they are connected to, which police and intelligence agencies can access legally. The data stored by the iPhone could however be accessed by anyone with access to it or the computer it connects to, and is not protected by a password or encryption.
Mr Allan and Mr Warden have set up a website to publicise their findings and allow iPhone users to test whether their movements are being recorded. To further highlight the issue they have developed a simple application that plots the coordinates and timestamps on web-based mapping software.