Overshadowing Apple's earnings news this past week was the publicity surrounding the discovery that iPhones and 3G iPads track users' locations and store the data in an unencrypted file. The discovery was made by O'Reilly researchers Alasdair Allan and Pete Warden, and it caused quite an uproar.
The file, named "consolidated.db," is an unencrypted SQLite database that can be found in the devices' file systems and in the iOS backup files created and updated by iTunes every time an iPhone or 3G iPad is synced. Although the file isn't immediately accessible on the device itself, it can be accessed on a jailbroken device via the iTunes-generated backup file. It also could potentially be accessed using other tools that allow you to explore an iOS device's file system while it's attached to a computer.
The file contains location data about cell towers the device accessed and Wi-Fi networks that it was within range of, plus other information, like the direction a device was facing as determined by the digital compass that became standard on the iPhone 3GS. Other data points appear to be supported by the database file but don't appear to be used in its current iteration.
One type of data included in the file noted by Allan and Warden is related to so-called geofencing. Geofencing allows a business or organization to create a virtual "fence" around a location that can provide information to mobile devices. A coffee shop could use a geofence technology to broadcast daily specials, or a school could use it to create a perimeter that would allow a phone to indicate that a child has safely arrived for class or is headed home.
Allan and Warden created a proof-of-concept Mac OS X app that can pull information from the database of a user's iPhone backup and display it on a map -- clearly showing where a device has been used.
It's worth noting that an iPhone's position isn't being continuously tracked. When I ran the app, for example, it showed a number of sporadic entries between upstate N.Y. where I live and the location in Virginia where two of my friends got married last August. If my iPhone had been recording my location constantly, there would've been a solid line of entries through New Jersey, Delaware, and Maryland. The only entries along the route I drove, however, were at places where I used a location-related feature or app -- to look up directions, to check the distance to the next rest area, to snap photos in D.C., or to check in at restaurants.
This clearly implies that the file records data when and where the iOS location services are used (although all manner of apps use location services, potentially generating a lot of entries).
It's also important to realize that this file doesn't have actual GPS data. It contains location data based on other, less accurate, sources -- like cell tower triangulation and a database of known Wi-Fi hot spots.
While this week's news about the location-tracking file generated a lot of angst -- and prompted members of Congress to ask Apple what's going on -- this isn't really new information. Data forensics specialists have known about this file for some time, along with a file called h-cells.plist that stored similar location data in previous iOS versions. It was much more difficult to extract that file or its data, however.