It’s not clear if other smartphones and tablet computers are logging such information on their users.
And this week’s revelation that the Apple devices do this wasn’t even new — some security experts began warning about the issue a year ago.
But the worry prompted by a report from researchers Alasdair Allan and Pete Warden at a technology conference in Santa Clara, California, raises questions about how much privacy customers implicitly surrender by carrying around a smartphone and the responsibility of smartphone makers to protect sensitive data that flows through their devices.
Much of the concern about the iPhone and iPad tracking stems from the fact the computers are logging users’ physical co-ordinates without users knowing it — and that that information is then stored in an unencrypted form that would be easy for a hacker, a suspicious spouse or a law enforcement officer to find without a warrant.
Researchers emphasise that there’s no evidence that Apple itself has access to this data. The data apparently stays on the device itself, along with computers the data is backed up to. Apple didn’t immediately respond to a request for comment.
Tracking is a normal part of owning a mobile phone. What’s done with that data, though, is where the controversy lies.
A central question in this controversy is whether a smartphone should act merely as a conduit of location data to service providers and approved applications or as a more active participant by storing the data, to make location-based applications run more smoothly, help better target mobile ads or any number of other uses.
Location data is some of the most valuable information a mobile phone can provide, since it can tell advertisers not only where someone’s been, but also where they might be going — and what they might be inclined to buy when they get there.
Mr Allan and Mr Warden said the location co-ordinates and time stamps in the Apple devices aren’t always exact, but appear in a file that typically contains about a year’s worth of data that when taken together provides a detailed view of users’ travels.
“We’re not sure why Apple is gathering this data, but it’s clearly intentional, as the database is being restored across backups, and even device migrations,” they wrote in a blog post announcing the research.
Alex Levinson, a security expert, said the tracking Apple’s devices do isn’t new — or a surprise to those in the computer forensics community.
The Apple devices have been retaining the information for some time, but it was kept in a different form until the release of the iOS 4 operating software last year, Mr Levinson, technical lead for the Katana Forensics firm, wrote on his blog.
“Either way, it is not secret, malicious, or hidden,” he wrote. “Users still have to approve location access to any application and have the ability to instantly turn off location services to applications inside the settings menu on their device.”
The existence of the location-data file on the phone is alarming because it’s unencrypted, the researchers said, which means that anyone with access to the device can see it.