Researchers Disclose iPhone and iPad Location-Tracking Privacy Issues

A pair of security researchers today announced that they are sounding the privacy warning bell about the capability of iOS 4 to track the location of an iPhone or iPad on an ongoing basis, storing the data to a hidden file known as "consolidated.db" in the form of latitude and longitude and a timestamp for each point.

All iPhones appear to log your location to a file called "consolidated.db." This contains latitude-longitude coordinates along with a timestamp. The coordinates aren't always exact, but they are pretty detailed. There can be tens of thousands of data points in this file, and it appears the collection started with iOS 4, so there's typically around a year's worth of information at this point. Our best guess is that the location is determined by cell-tower triangulation, and the timing of the recording is erratic, with a widely varying frequency of updates that may be triggered by traveling between cells or activity on the phone itself.

While the consolidated.db file has been known for some time and has played a key role in forensic investigations of iOS devices by law enforcement agencies, the researchers note the data is available on the devices themselves and in backups in unencrypted and unprotected form, leading to significant privacy concerns. Once gathered, the data is saved in backups, restored to devices if necessary, and even migrated across devices, offering a lengthy history of a user's movement.


Data points pulled from iPhone backup

The researchers, Alasdair Allan and Pete Warden, have also put together a downloadable application that allows users to view the location data stored in backup files on their computers. Allan and Warden have reached out to Apple for comment but have yet to receive a response, and in the meantime recommend that users encrypt their iPhone and iPad backups for increased security.

Related Roundup: iPad
Buyer's Guide: iPad (Caution)
Related Forums: iPhone, iPad

Top Rated Comments

rans0m00 Avatar
165 months ago
With respect to all the "view with alarm" postings that will follow, this really doesn't mean anything. I leave my home at the same time every morning. The transponder in my car records my passage and debits my account with the state highway department. Traffic cameras record my license plate at several points during my journey. Once out of the car, my smiling phiz can be seen on any number of CCTVs en route to my office, whose door I open with a card that automatically records my entry. The IP address of this posting will reveal that I am sitting in my living room as I write. Even without the GPS turned on, my phone regularly initiates a conversation with the local cell tower. I can be found with almost pinpoint accuracy.

So I'm not exactly going to panic to learn that my computer and phone keep a record of my latitude and longitude that they don't share with anyone else.

The government already knows where I live, where I work, where I bank, and all kinds of other interesting information. It's how they collect their taxes and send me my mail.

If there were the slightest indication that liberals, atheists, and other enemies of the state were being tracked by their GPSes and rounded up, I'd be the first to the barricades. But there isn't. Our privacy is not based on "nobody knows", it's based on "nobody cares."
Glad I am not the only person that feels this way. I do not appreciate having another method I can be tracked but at no point I am truly untrackable. The devices in Michigan seem to be a much bigger issue than someone else knowing what time my last trip to subway was at.

I feel sad for people who think it's okay for corporations, governments, or any organization to track and log your every move. Even when they apparently don't even bother to protect this information.

If you feel it's okay to be tracked like a tagged animal, that's your right. If you don't value yourself enough to think your privacy is important, go right ahead and feel that way.

But for the rest of us who believe in basic human rights, please don't help erode what little right to privacy we have left. Just because you don't care personally doesn't mean it's not a valid concern. I want the option of not having my every location logged unencrypted on my phone, and from the sound of many posts on this thread, I am definitely not alone.
The idea of a person truly having privacy is almost a joke. This little bit that we have left I feel is more of an illusion than something we actually have. People seem to be more than willing to track their entire lives on the internet without even being asked to do so. If you want some privacy the closest you are going to get is moving out into the country without a phone, gas, or electricity and live off what you can grow or hunt. Otherwise you are already tracked beyond what anyone that thinks about it should probably be comfortable with. This will not change what you will do in the next little bit though. I am quite sure you are still going to at least continue to use your debit card.
Score: 1 Votes (Like | Disagree)
hobo.hopkins Avatar
165 months ago
so the program can not find the file. Does that mean my iPhone isnt tracking me?
I was just about to post the same thing; the application says that it couldn't find the consolidated.db file. I even tried syncing my iPhone once more and it still didn't help. An interesting note though - I own a Verizon iPhone. I wonder if that has anything to do with it.
Score: 1 Votes (Like | Disagree)
nightcap965 Avatar
165 months ago
Help! Help! The paranoids are after me!

With respect to all the "view with alarm" postings that will follow, this really doesn't mean anything. I leave my home at the same time every morning. The transponder in my car records my passage and debits my account with the state highway department. Traffic cameras record my license plate at several points during my journey. Once out of the car, my smiling phiz can be seen on any number of CCTVs en route to my office, whose door I open with a card that automatically records my entry. The IP address of this posting will reveal that I am sitting in my living room as I write. Even without the GPS turned on, my phone regularly initiates a conversation with the local cell tower. I can be found with almost pinpoint accuracy.

So I'm not exactly going to panic to learn that my computer and phone keep a record of my latitude and longitude that they don't share with anyone else.

The government already knows where I live, where I work, where I bank, and all kinds of other interesting information. It's how they collect their taxes and send me my mail.

If there were the slightest indication that liberals, atheists, and other enemies of the state were being tracked by their GPSes and rounded up, I'd be the first to the barricades. But there isn't. Our privacy is not based on "nobody knows", it's based on "nobody cares."
Score: 1 Votes (Like | Disagree)
Trauma1 Avatar
165 months ago
I love all the dopes quoting various disclosures in agreements that we've agreed to. Just because something is written into terms of an agreement, does not make it lawful. Apple could put in their T&Cs you agree to allow Apple to shoot you dead if you jailbreak your iPhone. Do you think that would be OK too since you agreed to allow it?

Well now we know you're not an attorney, or at least a good one.
Score: 0 Votes (Like | Disagree)
KnightWRX Avatar
165 months ago
The granted patent describes exactly what is stored in the db... Instead of hysteria people should think a little more before becoming Jawas.
They have simply developed a method of accurately triangulating the devices position based upon (probably 4) towers.
And both my points has nothing to do with what is in the DB, it has to do with the lifetime of this content in the database. I know what is in there, I just don't want it to be kept indefinitely, nor do I want it in the backups on my Mac, as probably a lot of the people that aren't happy this in thread want.

I also want it to be disabled if I ask it to.

After all the press this is generating, I'm sure Apple will tone done the logging/lifetime to acceptable parameters and then we'll be able to all Move Along and be happy with our shiny toys once again.
Score: 0 Votes (Like | Disagree)

Popular Stories

iOS 17

iOS 17.2 Will Add These 12 New Features to Your iPhone

Friday December 1, 2023 12:19 pm PST by
iOS 17.2 has been in beta testing for over a month, and it should be released to all users in a few more weeks. The software update includes many new features and changes for iPhones, including the dozen that we have highlighted below. iOS 17.2 is expected to be released to the public in mid-December. To learn about even more features coming in the update, check out our full list. Journal ...
iOS 16 4 Web Push

Apple Confirms Governments Using Push Notifications to Surveil Users

Wednesday December 6, 2023 5:06 am PST by
Unidentified governments are surveilling smartphone users by tracking push notifications that move through Google's and Apple's servers, a US senator warned on Wednesday (via Reuters). In a letter to the Department of Justice, Senator Ron Wyden said foreign officials were demanding the data from the tech giants to track smartphones. The traffic flowing from apps that send push notifications...
airpods pro 2 pink

Apple Releases New AirPods Pro 2 Firmware

Tuesday December 5, 2023 11:28 am PST by
Apple today released new firmware update for both the Lightning and USB-C versions of the AirPods Pro 2. The new firmware is version 6B34, up from the 6B32 firmware introduced in November. Apple does not provide details on what features might be included in the refreshed firmware beyond "bug fixes and other improvements," so it is unclear what's new in the update, but prior software releases ...
magsafe blue 2

iOS 17.2 Brings Qi2 Support to iPhone 13 and iPhone 14 Models

Tuesday December 5, 2023 11:04 am PST by
The iOS 17.2 update that Apple is set to release to the public in the near future will bring support for the next-generation Qi2 wireless charging standard to the iPhone 13 and iPhone 14 models. Qi2 was mentioned in the release notes for the RC version of the update that came out today. With the addition of support for the new standard, iPhone 13 and iPhone 14 models will work with Qi2...
Beyond iPhone 13 Better Blue

'All-Screen' iPhone Under-Display Camera Enters Development

Wednesday December 6, 2023 2:03 am PST by
Apple's Korean suppliers have begun developing smartphone under-display cameras (UDC), paving the way for the first iPhone with a true "all-screen" appearance. According to The Elec, LG Innotek has entered the preliminary development of the UDC, which sits under the display and does not result in a visible hole in the panel when the camera is not in use. A UDC differs from a typical front ...
iphone se 4 modified flag edges

iPhone SE 4 May Reuse Existing iPhone 14 Battery

Wednesday December 6, 2023 1:17 pm PST by
Recently, MacRumors has received details on the battery currently being tested on the upcoming fourth-generation iPhone SE, and the information corroborates previous findings in relation to the device. The iPhone SE 4, known by its device identifier D59, is expected to use the exact same battery found in the base model iPhone 14. Partially assembled prototypes of the next iPhone SE have been ...
airpods pro bulbs

Black Friday Prices Return for AirPods Pro 2 With USB-C, iPad, and More

Tuesday December 5, 2023 7:30 am PST by
Today we're tracking a collection of deals that are matching - or nearly matching - the same all-time low discounts we saw during Black Friday. This includes the AirPods Pro 2 with USB-C, 9th generation iPad, and M1 MacBook Air. Note: MacRumors is an affiliate partner with some of these vendors. When you click a link and make a purchase, we may receive a small payment, which helps us keep the ...
instagram messenger

Instagram and Facebook Messenger Chats to Disconnect This Month

Tuesday December 5, 2023 1:57 am PST by
Meta has revealed plans to end Instagram users' ability to chat with Facebook accounts later this month, rolling back a feature that it introduced over three years ago. In September 2020, Meta (then Facebook) announced it was merging its Facebook Messenger service with Instagram direct messaging, allowing Instagram users to chat with Facebook users and vice versa using the same platform....