Pete Warden and Alasdair Allan have found something especially unsettling in iOS 4, the operating system that Apple devices use. It’s news that I must admit has me reconsidering whether to stick with the iPhone when my contract ends.

You see, these devices are equipped with GPS so that location-aware apps like Foursquare and such can operate. Well, it seems that your iPhone is storing a record of all your movements in a hidden file in the operating system. “Who cares?” you might ask; after all, you can already be tracked to a great extent through your Yelp and Foursquare check-ins. Well, this is a little different.

As security researcher Pete Warden puts it:

The most immediate problem is that this data is stored in an easily-readable form on your machine. Any other program you run or user with access to your machine can look through it.

Stop and think for a minute. Think about the number of applications on your iDevice. I’ve got three pages of nested folders full on my handset, for instance. It’s a lot like the apps and games on Facebook. Notice how you have to authorize them to have access to your data? Same thing, but Apple has failed in a major way by not making it opt-in. That’s not all though, as Warden goes on to say:

The more fundamental problem is that Apple are collecting this information at all. Cell-phone providers collect similar data almost inevitably as part of their operations, but it’s kept behind their firewall. It normally requires a court order to gain access to it, whereas this is available to anyone who can get their hands on your phone or computer.

By passively logging your location without your permission, Apple have made it possible for anyone from a jealous spouse to a private investigator to get a detailed picture of your movements.

These days, people seem willing to give up their personal data at the drop of a hat in order to play a game or use an app. Most of them would probably have shared the data without a second thought if asked. Apple just did not ask.

All it takes is direct access to a device that has been synched to the iPhone, and a user can get access to this hidden file. If someone gets their hands on the handset itself, they can “jailbreak” it — a process which is much easier than many think — and have direct access to the file that way as well. It’s not very hard to do, especially for someone with a little tech know-how.

Is this a dastardly and Machiavellian move on Apple’s part? I don’t think so, and neither does Charles Arthur, technology editor for The Guardian:

Graham Cluley, senior technology consultant at the security company Sophos, said: ‘If the data isn’t required for anything, then it shouldn’t store the location. And it doesn’t need to keep an archive on your machine of where you’ve been.’ He suggested that Apple might be hoping that it would yield data for future mobile advertising targeted by location, although he added: ‘I tend to subscribe to c*ckup rather than conspiracy on things like this – I don’t think Apple is really trying to monitor where users are.’

While bearing overtones of Big Brother at first glance, I’ll bet we can file this under “collecting marketing data” rather than malice. Even so, my problem with its implementation and lack of security remains. This should have been opt-in or not rolled out. While it may well be within the terms of the service agreement, it is still bad business and shows no respect for their user base — a user base that is renowned for its fanatical devotion to Apple’s product line.

Data security and privacy are becoming more important issues every day. Issues like this discovery throw that fact into sharp relief.

So tell me, fellow iPhone users, what is your take on this? Enough to make you consider a Droid? (Warden was quoted as saying that Alasdair had looked for similar functionality on the Droid and had found none.)

Source: “iPhone keeps record of everywhere you go,” The Guardian, 04/20/11
Source: “Got an iPhone or 3G iPad? Apple is recording your moves,” O’Reilly Radar, 04/20/11
Source: “Pete Warden’s iPhone Tracker,” GitHub, 04/20/11
Image by Firefly the Great/Dagny Scott, used under its Creative Commons license.
