Today Apple released a Q&A about the location data that's stored on the iPhone. In the statement, the company says broadly that it does not track the iPhone's location, and that the data, which is currently stored in an unprotected file, will be encrypted in the next major update of iOS.
In the statement, Apple admits that iPhones send location data to Apple to maintain a crowd-sourced database of Wi-Fi hotspots and cell phone towers, as many have suspected. However, the company says the locations recorded can be up to 100 miles away from the where the phone actually is, and that the data is sent anonymously.
Apple further explains that it's creating the database to provide better location services on the phone. By using the crowd-sourced locations of cell towers and hotspots, the phone can more quickly locate the user than if it were using GPS satellite data alone. Putting the entire database on every user's phone would be untenable, though, so an iPhone requesting location services accesses a subset, or cache, of the database. It's this data, not necessarily data specifically generated by the user, that's stored in the unencrypted file, "consolidated.db."
At the same time, though, the company effectively admits that retaining such a lengthy and comprehensive location record on the phone—ever since the user upgraded to iOS 4, or about a year for most users—is unnecessary to maintain such a database. Also, backing the file up to a user's computer is clearly not needed either. Apple says it plans to do four things in the next major update of iOS:
Did you know that Apple is tracking your every move with your iPhone and iPad? A blog post published today on O'Reilly Radar claims that devices running iOS 4 are gathering location and storing it in an unencrypted manner.
"What makes this issue worse is that the file is unencrypted and unprotected, and it's on any machine you've synched with your iOS device. It can also be easily accessed on the device itself if it falls into the wrong hands. Anybody with access to this file knows where you've been over the last year, since iOS 4 was released," wrote Pete Warden, founder of the Data Science Toolkit, and Alasdair Allan, a senior research fellow at the University of Exeter.
The data is being stored to a file known as "consolidated.db," which includes latitude-longitude coordinates and a timestamp.
Of course, this shouldn't surprise anyone who read the entire 45-page EULA, as it clearly states the following clause when going into detail on the type of “non-personal information” that Apple can “collect, use, transfer, and disclose … for any purpose.”
We may collect information such as occupation, language, zip code, area code, unique device identifier, location, and the time zone where an Apple product is used so that we can better understand customer behavior and improve our products, services, and advertising.