Several researchers at O’Reilly have discovered an extremely troubling feature of iPhones and 3G iPads running Apple’s iOS 4. In a blog post and accompanying video, the site details that Apple is storing the GPS coordinates of cellular iDevices locally, in an unencrypted and unprotected file. “Ever since iOS 4 arrived, your device has been storing a long list of locations and time stamps,” reads the post. “We’re not sure why Apple is gathering this data, but it’s clearly intentional, as the database is being restored across backups, and even device migrations.” O’Reilly goes on to note that along with a list of timestamped GPS coordinates, the file also contains a list of Wi-Fi access points that the affected device has been in range of. “Anybody with access to this file knows where you’ve been over the last year, since iOS 4 was released,” the brief continues. The file in question — named consolidated.db — is present in the backup file created when syncing a cellular iOS device with iTunes, and, obviously, on the iOS device itself. “Why this data is stored and how Apple intends to use it — or not — are important questions that need to be explored,” writes the team. Apple’s security team did not respond to O’Reilly‘s request for comment. The video made by the researchers is after the break.
Read [O’Reilly] Read [iPhone Tracker app]