We know where you live! At least that's the claim that Apple can make following the discovery that their latest iOS4 iPhone/iPad software has a tracking mechanism that continually records details of where an iPhone is located so long as the phone is left switched on. Moreover, as well as being stored on the phone itself, this information is also automatically included in the backups made when you sync your iPhone using iTunes. Although it's been known in the digital forensics world for a few months, the news broke to the general public after a report by security researchers Pete Warden and Alasdair Allan and has sparked a furory on the Internet, with blog posts and tweets reacting to the news that your anonymity just got that little bit smaller. But is the news really that serious? How concerned should the average iPhone user be?
We've done some research into the issue and our conclusion is that the location data exposed in iTunes backup files is enough to cause some concern in certain circumstances. We analysed a phone which has about a year's worth of location data. In general terms it's possible to use this data to see broadly where the phone user was on any given day. For example when the user went on holiday to the Maldives earlier in the year, you can see the phone location points jump from London to the Maldives. However it's not as easy to drill down into much more specific locations.
Since the data appears to be derived from mobile phone base stations (cell phone towers for our American friends) the accuracy of the location points varies considerably. Within cities (or other areas where there are lots of mobile phone base stations) you can generally track a user to within a few hundred metres. In the countryside it's a different picture. In one example a user was in Portsmouth for a day, but the location plots showed the user during that day as variously being in Portsmouth, Southampton and the Isle of Wight! Moreover it would appear that Apple chose for some reason not to store this data in real time. Instead the location information is batched up and recorded on the phone typically once or twice a day.
This can mean that a user appears to be in several places at once, as three or four different locations can be recorded, but all with the same date/time. However, it's clear that there is enough data to provide a general picture of what a user has been doing. The police and security services could find the data invaluable in proving or disproving an alibi without having to go to the considerable expense of issuing a subpoena to the mobile networks for more accurate location data. If you own an iPhone and are curious what information the phone shows about you then we have updated our iPhone Backup Extractor to extract location data into either CSV format (suitable for viewing in Excel) or KML format (which you can view on a map by using the free Google Earth software). Moreover, since we recognise this is an issue that is causing many people concern we have decided to incorporate this feature, without restriction, into the free version of our software. You can download the software from http://www.iphonebackupextractor.com/free-download/.