Two researchers said they have uncovered a hidden file on Apple Inc. iPhones that keeps a record of where the phone has been autoclave and when it was there—a database that is unencrypted and stored by default.
The security experts, Alasdair Allan and Pete Warden, also created a program that lets iPhone owners see what the device has stored about their whereabouts. The maps produced by the program show details stretching back months.
It's not clear why the data are stored on the devices. There's no evidence the information is transferred to Apple. The company didn't respond to a request for comment.
"Ever since iOS 4 arrived, your device has been storing a long list of locations and time stamps," said Mr. Allan, a technology author, in a post on the website of technology publisher O'Reilly Media.
Mr. Allan and Mr. Warden, a former Apple employee, were expected to present their findings Wednesday at a conference hosted O'Reilly Media. The Guardian newspaper also reported on their discovery.
The news follows a Wall Street Journal investigation last December which cold room revealed that smartphone apps expose personal details about their users. An examination of 101 apps showed 56 sent the phone's unique device ID to other companies without users' awareness or consent, and 47 sent location information. Companies receiving that information included Apple, Google Inc. and advertising networks.
Wednesday's research looks not at specific apps but at data collected during general use.
The researchers say the database they uncovered is restored each time an iPhone owner backs up the phone, even if the person switches to a new iPhone. IPhones and iPad 3G models running the latest version of Apple's iOS operating system have the database on it, they say. The file is transferred to any computer synced to the phone or tablet, the researchers say.
The latest version of Apple's operating system, iOS 4, heralded the impact crusher launch of Apple's mobile-advertising platform. Apple has previously said it uses location data to serve ads and provide certain services. The company says this can be prevented by turning off location services.
Wireless providers have long collected similar location data, which is important to have for call routing and for billing. But they store the data securely and the data aren't saved on phones.
The researchers say they found the database when looking into how they might make a graphic that displayed mobile data. "At first we weren't sure how much data was there, but after we dug further and visualized the extracted data, it became clear that there was a scary amount of detail on our movements," they wrote.
The researchers said Apple hadn't responded to them about the electronic ballast issue. Mr. Warden worked on desktop software for the company for five years, he said. "We're both big fans of Apple's products, and take no pleasure in uncovering this issue," the researchers wrote.
No comments:
Post a Comment