Over the past week, many have asked me about whether the GPS module in their iPad or iPhone is tracking their whereabouts. Despite the fact that Apple released a response to address those concerns, there is still plenty of misinformation out there. The whole debacle began when a few researchers found that computers running iTunes, which had synced with an iOS device, were continuously storing about a year’s worth of geo-location data.
After Apple published their report, it was clear that the company had no intention of keeping an eye on customers. However, it was also apparent that the company had overlooked many privacy and security precautions. A “location cache” was accumulating data since an early version of iOS 4 inadvertently enabled the feature. The fact that Apple failed to encrypt or password protect this file was the largest concern. This would allow anyone with physical or remote access to your computer to potentially extract that file to learn where you were at any given time. This could mean that even a malicious virus could technically target that file and upload it back to the internet into the hands of unwanted eyes.
To check whether this news was a far-fetched scare or a true issue, we decided to run the iPhone Tracker program on one of our own machines. We used a ported Windows version and within minutes it brought up a map with points across the state of California. Closer observation immediately revealed line of markers indicating our entire 8 hour drive from San Jose to San Diego for Comic-Con 2010. The program also found points for a long drive to Los Angeles for E3 2010 and even a ski trip up to Lake Tahoe. The areas generally residing in had denser points.
It was quite fascinating and impressive this data was available. We actually thought it was pretty cool, but I could not help but agree that it raises major privacy concerns. While some geeks might feel that having access to this information would provide a neat way of exploring your travel history, Apple should most definitely should have encrypted this data to prevent any security vulnerabilities. There was also no way for iPad and iPhone owners to delete or disable these logs on a Mac or PC either.
The Fix Is Available: iOS 4.3.3
The latest update, which Apple made available last week, takes several steps to address this issue. Once users upgrade, iOS will reduce the size of the location cache to prevent storing year-long data and iTunes will no longer maintain a copy when backing up. This feature will also stop collecting information when users turn off the Location Services in the settings.
We were also glad to learn that Apple never transmitted these logs back to their servers. According to the company, the data was for letting your device determine location faster with GPS and WiFi hotspot information. Those with an iPhone 4, iPhone 3GS, iPad 2, iPad, or iPod touch should grab the whopping 666 MB update from iTunes. It might take a while to download and install, but it is important since information about the vulnerability is already widely available information.