Security researchers Pete Warden and Alasdair Allan have discovered a secret feature on the iPhone that should send privacy advocates into a tizzy. Presenting their findings at the Where 2.0 conference in San Francisco, the researchers said that the iPhone keeps track of where it has been and stores the data in a secret file on the device. The data stored on the file includes the phone's location (latitude and latitude) along with timestamps. This "feature" seems to have been added in the iOS 4 update released in June 2010.
According to the researchers, the secret file is copied to the computer whenever the iPhone is synced with the computer. The file is also transferred across devices. For example when an iPhone is replaced by a new one, the location file is transferred to the new device. This rules out the possibility that the data collection might be accidental. The researchers said that it does not look like the data is being sent to Apple though.
Location based services which tracks users are nothing new. However unlike the other services, the iPhone does not ask the user for permission to collect this data. However as of now it is not clear what the iPhone uses this data for. The fact that your locations are stored in a file on the device means that if you loose your device, the finder can use a simple program to determine your exact movements. This could raise very serious privacy concern and potential lawsuit against Apple.
Privacy International has already raised concerns over the finding. This is what Simon Davies of Privacy International said:
This is a worrying discovery. Location is one of the most sensitive elements in anyone's life – just think where people go in the evening. The existence of that data creates a real threat to privacy. The absence of notice to users or any control option can only stem from an ignorance about privacy at the design stage.
Alasdair Allan also examined Android to see if such tracking are present in it as well. According to him, there is no such tracking code in Android.
I find such utter disrespect for user's privacy by one of the largest technology companies, such as Apple, very worrying. Do you think it is ok for a device to keep track of your location without asking for your permission?