Researchers Disclose iPhone and iPad Location-Tracking Privacy Issues

A pair of security researchers today announced that they are sounding the privacy warning bell about the capability of iOS 4 to track the location of an iPhone or iPad on an ongoing basis, storing the data to a hidden file known as "consolidated.db" in the form of latitude and longitude and a timestamp for each point.

All iPhones appear to log your location to a file called "consolidated.db." This contains latitude-longitude coordinates along with a timestamp. The coordinates aren't always exact, but they are pretty detailed. There can be tens of thousands of data points in this file, and it appears the collection started with iOS 4, so there's typically around a year's worth of information at this point. Our best guess is that the location is determined by cell-tower triangulation, and the timing of the recording is erratic, with a widely varying frequency of updates that may be triggered by traveling between cells or activity on the phone itself.

While the consolidated.db file has been known for some time and has played a key role in forensic investigations of iOS devices by law enforcement agencies, the researchers note the data is available on the devices themselves and in backups in unencrypted and unprotected form, leading to significant privacy concerns. Once gathered, the data is saved in backups, restored to devices if necessary, and even migrated across devices, offering a lengthy history of a user's movement.


Data points pulled from iPhone backup

The researchers, Alasdair Allan and Pete Warden, have also put together a downloadable application that allows users to view the location data stored in backup files on their computers. Allan and Warden have reached out to Apple for comment but have yet to receive a response, and in the meantime recommend that users encrypt their iPhone and iPad backups for increased security.

Related Roundup: iPad
Buyer's Guide: iPad (Buy Now)
Related Forums: iPhone, iPad

Top Rated Comments

rans0m00 Avatar
141 months ago
With respect to all the "view with alarm" postings that will follow, this really doesn't mean anything. I leave my home at the same time every morning. The transponder in my car records my passage and debits my account with the state highway department. Traffic cameras record my license plate at several points during my journey. Once out of the car, my smiling phiz can be seen on any number of CCTVs en route to my office, whose door I open with a card that automatically records my entry. The IP address of this posting will reveal that I am sitting in my living room as I write. Even without the GPS turned on, my phone regularly initiates a conversation with the local cell tower. I can be found with almost pinpoint accuracy.

So I'm not exactly going to panic to learn that my computer and phone keep a record of my latitude and longitude that they don't share with anyone else.

The government already knows where I live, where I work, where I bank, and all kinds of other interesting information. It's how they collect their taxes and send me my mail.

If there were the slightest indication that liberals, atheists, and other enemies of the state were being tracked by their GPSes and rounded up, I'd be the first to the barricades. But there isn't. Our privacy is not based on "nobody knows", it's based on "nobody cares."
Glad I am not the only person that feels this way. I do not appreciate having another method I can be tracked but at no point I am truly untrackable. The devices in Michigan seem to be a much bigger issue than someone else knowing what time my last trip to subway was at.

I feel sad for people who think it's okay for corporations, governments, or any organization to track and log your every move. Even when they apparently don't even bother to protect this information.

If you feel it's okay to be tracked like a tagged animal, that's your right. If you don't value yourself enough to think your privacy is important, go right ahead and feel that way.

But for the rest of us who believe in basic human rights, please don't help erode what little right to privacy we have left. Just because you don't care personally doesn't mean it's not a valid concern. I want the option of not having my every location logged unencrypted on my phone, and from the sound of many posts on this thread, I am definitely not alone.
The idea of a person truly having privacy is almost a joke. This little bit that we have left I feel is more of an illusion than something we actually have. People seem to be more than willing to track their entire lives on the internet without even being asked to do so. If you want some privacy the closest you are going to get is moving out into the country without a phone, gas, or electricity and live off what you can grow or hunt. Otherwise you are already tracked beyond what anyone that thinks about it should probably be comfortable with. This will not change what you will do in the next little bit though. I am quite sure you are still going to at least continue to use your debit card.
Score: 1 Votes (Like | Disagree)
hobo.hopkins Avatar
141 months ago
so the program can not find the file. Does that mean my iPhone isnt tracking me?
I was just about to post the same thing; the application says that it couldn't find the consolidated.db file. I even tried syncing my iPhone once more and it still didn't help. An interesting note though - I own a Verizon iPhone. I wonder if that has anything to do with it.
Score: 1 Votes (Like | Disagree)
nightcap965 Avatar
141 months ago
Help! Help! The paranoids are after me!

With respect to all the "view with alarm" postings that will follow, this really doesn't mean anything. I leave my home at the same time every morning. The transponder in my car records my passage and debits my account with the state highway department. Traffic cameras record my license plate at several points during my journey. Once out of the car, my smiling phiz can be seen on any number of CCTVs en route to my office, whose door I open with a card that automatically records my entry. The IP address of this posting will reveal that I am sitting in my living room as I write. Even without the GPS turned on, my phone regularly initiates a conversation with the local cell tower. I can be found with almost pinpoint accuracy.

So I'm not exactly going to panic to learn that my computer and phone keep a record of my latitude and longitude that they don't share with anyone else.

The government already knows where I live, where I work, where I bank, and all kinds of other interesting information. It's how they collect their taxes and send me my mail.

If there were the slightest indication that liberals, atheists, and other enemies of the state were being tracked by their GPSes and rounded up, I'd be the first to the barricades. But there isn't. Our privacy is not based on "nobody knows", it's based on "nobody cares."
Score: 1 Votes (Like | Disagree)
Trauma1 Avatar
141 months ago
I love all the dopes quoting various disclosures in agreements that we've agreed to. Just because something is written into terms of an agreement, does not make it lawful. Apple could put in their T&Cs you agree to allow Apple to shoot you dead if you jailbreak your iPhone. Do you think that would be OK too since you agreed to allow it?

Well now we know you're not an attorney, or at least a good one.
Score: 0 Votes (Like | Disagree)
KnightWRX Avatar
141 months ago
The granted patent describes exactly what is stored in the db... Instead of hysteria people should think a little more before becoming Jawas.
They have simply developed a method of accurately triangulating the devices position based upon (probably 4) towers.
And both my points has nothing to do with what is in the DB, it has to do with the lifetime of this content in the database. I know what is in there, I just don't want it to be kept indefinitely, nor do I want it in the backups on my Mac, as probably a lot of the people that aren't happy this in thread want.

I also want it to be disabled if I ask it to.

After all the press this is generating, I'm sure Apple will tone done the logging/lifetime to acceptable parameters and then we'll be able to all Move Along and be happy with our shiny toys once again.
Score: 0 Votes (Like | Disagree)

Popular Stories

Upcoming Products 2022 Feature

Gurman: Apple Preparing 'Widest Array of New Hardware Products in Its History' for Fall

Sunday January 23, 2022 10:32 am PST by
Apple is working on a number of new products that are set to launch this fall, and Bloomberg's Mark Gurman says that it will be "the widest array" of new devices that Apple has introduced in its history. In his latest "Power On" newsletter, Gurman explains that Apple is working on four new flagship iPhones (iPhone 14, iPhone 14 Max, iPhone 14 Pro, and iPhone 14 Pro Max), an updated low-end Ma...
macbook pro 14 16 2021

Three Months After Launch, Apple Still Struggling to Meet Demand for Redesigned 14-Inch and 16-Inch MacBook Pro

Monday January 24, 2022 7:12 am PST by
Three months after their launch, the 14-inch and 16-inch MacBook Pros continue to experience high demand and seemingly short supply, with shipping dates for both models stretching into multiple weeks in several of Apple's key markets. In the United States, the baseline 14-inch MacBook Pro with the M1 Pro chip is estimated to ship in three to four weeks, promising an arrival by at least...
General Dropbox Feature

macOS 12.3 Will Include Cloud Storage Changes Affecting Dropbox and OneDrive

Tuesday January 25, 2022 3:31 pm PST by
Dropbox today announced that users who update to macOS 12.3 once that software version becomes available may temporarily encounter issues with opening online-only files in some third-party apps on their Mac. In a support document and an email to customers, Dropbox said it is actively working on full support for online-only files on macOS 12.3 and will begin rolling out an updated version of...
Questionable Design Decisions

Apple's Most Questionable Design Decisions in Recent Memory

Sunday January 23, 2022 2:59 am PST by
Apple has always emphasized the depth of thought that goes into the design of its products. In the foreword to Designed by Apple in California, a photo book released by the company in 2016, Jony Ive explains how Apple strives "to define objects that appear effortless" and "so simple, coherent and inevitable that there could be no rational alternative." But every once in a while even Apple...
Apple Watch Red Yellow Green Feature 1

Apple Launches Black Unity Braided Solo Loop With 'Unity Lights' Watch Face

Wednesday January 26, 2022 6:05 am PST by
Apple today announced the Black Unity Braided Solo Loop for the Apple Watch, as well as a new downloadable watch face, to celebrate Black History Month. Following the launch of the limited edition Black Unity Apple Watch Series 6 and Sport Band in 2021, Apple today launched the Black Unity Braided Solo Loop as part of its celebrations for Black History Month this year.Apple is launching a...
att gigabit internet

AT&T Bringing $180/Month 5-Gigabit Internet to 70 Cities

Monday January 24, 2022 9:20 am PST by
AT&T today announced the launch of upgraded AT&T Fiber plans, which support speeds of up to 5 Gigabits for some customers. There are two separate plans, one "2 GIG" plan and one "5 GIG" plan, available to new and existing AT&T Fiber subscribers. According to AT&T, the new plans are available to nearly 5.2 million customers across 70 metro areas including Los Angeles, Atlanta, Chicago, San...
intel vs m1 max chip purple

Benchmarks Confirm Intel's Latest Core i9 Chip Outperforms Apple's M1 Max With Several Caveats

Wednesday January 26, 2022 8:56 am PST by
Benchmark results have started to surface for MSI's new GE76 Raider, one of the first laptops to be powered by Intel's new 12th-generation Core i9 processor. Intel previously said that its new high-end Core i9 processor is faster than Apple's M1 Max chip in the 16-inch MacBook Pro and, as noted by Macworld, early Geekbench 5 results do appear to confirm this claim, but there are several...
ios 15

Apple Releases iOS 15.3 and iPadOS 15.3 With Fix for Safari Bug That Leaks Browsing Activity

Wednesday January 26, 2022 10:00 am PST by
Apple today released iOS 15.3 and iPadOS 15.3, the third major updates to the iOS and iPadOS 15 operating systems that were released in September 2021. iOS and iPadOS 15.3 come almost two weeks after the release of iOS and iPadOS 15.2.1, minor bug fix updates. The iOS 15.3 and iPadOS 15.3 updates can be downloaded for free and the software is available on all eligible devices over-the-air in ...