I don’t know who broke the story first, but Fox News and CNN both have reports out, as do others, breathlessly warning iPhone and iPad 3GS users that a “secret file” is stored on your device which allows Apple to track your whereabouts at all times. They infer that this information could fall into the wrong hands – quoting that Apple has “made it possible for anyone from a jealous spouse to a private investigator to get a detailed picture of your movements.”
That’s not entirely correct. It seems that since the previous iOS upgrade to version 4.0 that Apple has this unencrypted file that stays on your iPhone or iPad 3GS which stores location data and time derived from cell phone tower triangulation. Why it’s there is not known. It could be that Apple is using it to test for or prepare for some future feature to be released. In any case, a couple of smart researchers found the file and wrote a quick program to display the information on a map so that the issue could be brought more urgently to the public’s attention – and to presumably get Apple to do something about it. To their credit, the researchers purposely made the application a little “fuzzy” be blurring some of the location results even though the underlying data file is much more granular.
The issue seems to be whether users should a) be made aware ahead of time that this data is being collected (certainly seems like a privacy issue) and b) be given an opportunity to opt out of such collection. I guess both are reasonable points – although I might argue that the horse has already long left that barn. But in any case, for me, the real issue is that Apple wasn’t smart enough to put this data behind a firewall of some sort. The fact that this data file was so easily recognized and exploited is not good. On a day when Apple once again announced record earnings, they have a little egg on their face for sure. And now the government wants answers – well, at least Senator Franken (D-Minn.) does.
What do you do about this? Well, practice good fundamental security in the first place. Your iPhone and/or iPad should be password protected – particularly if you are an attorney and keep client information on it as I do. You set that under Settings:General:Password Lock. Also, you should use encrypted backups when syncing your device to your desktop computer. This is done in iTunes under the Summary:Options pane when you have your device connected and selected. And lastly, your desktop computer should also be password protected. You can provide for that by setting a password on Systems Preferences:Accounts. And I suppose you could always turn off your iPhone or iPad 3GS when you don’t want to be found. But that seems to defeat the purpose of having the phone.
