Apple + Security News

A developer has published some information about a discovery made in backups of iOS devices. It turns out that these devices record where you have been.

Some reporters are suggesting that the sky is falling, and quoting numerous people who agree with them. The Guardian web site even has a big graphic saying “Privacy Alert” leading to the article linked just above.

Is this really a big deal? This should actually come as no surprise to anyone who uses Location Services on the iPhone, or other iOS devices. If you have an iPhone, or a 3G iPad, the device uses Location Services to determine, well, your location. This is useful if you’re using the Maps app, or any other application that needs your location. GPS coordinates are used to geotag photos you take with the device, but this article suggests that the device does not store GPS data, but rather the locations of cellphone towers.

To be honest, we see no reason why this information is stored in the backups of the device on your computer, or why it’s not progressively deleted from the iPhone. And, while this Cult of Mac article says “In many cases, users are able to access almost a year’s worth of data stretching all the way back to the date when iOS 4 was installed on their device,” we have seen some iPhones that have location data from well before the release of iOS 4.

It’s worth pointing out that this is not new. Forensics researcher Alex Levinson has written about this in the past. He points out that Apple is not collecting this data, or at least as far as we know. (One security researcher thinks that Apple is indeed collecting it, and explains why.)

It seems that the most likely use for storing this data is to remember where cell towers are located so the device can find the more quickly when users return to locations they have previously visited. If this is the case, then it is likely that other phones store this information as well, though if they don’t back up their data in the same way, it may be harder to find.

If you’re worried about this, you can do two things. If you really want to get rid of the data, you can use this procedure. It’s not simple, but it will overwrite the data. (The iOS device stores the data, so deleting your backup won’t get rid of it.)

Second, if you’re worried about the presence of this data on your computer, in the files backed up from your iOS device, check Encrypt iPhone Backup on iTunes’ Summary screen when the device is connected. Enter a password, and no one should be able to access your location information if they get access to your computer.

So, there’s no need to make a big deal about this. This is a feature, not a bug. It would certainly be better if Apple didn’t store this information, but there is no evidence of nefarious intentions here.

Update: Surprise! Android tracks your location too.