Last Wednesday (April 20th, 2011), tech bloggers Alasdair Allan and Pete Warden reported that iPhones and 3G iPads running iOS4 were keeping a secret record of their users' travels in an unencrypted file. While there was no indication that the devices were sharing the data, there were concerns that if a person's phone were to fall into the wrong hands, their personal security could be compromised. At the time of Allan and Warden's posting, Apple had not responded to their inquiries. Yesterday, however, the company issued a statement in which it explained the apparent true purpose of database.
In the original article, which appeared on the O'Reilly tech blog, the writers stated that the phones were likely updating the file whenever they were used, via cell-tower triangulation. Anyone with access to another person's phone, who knew where to find the file, could presumably see all the locations that the phone had been to for up to one year – or as long as the device had been running iOS4.
According to Apple, however, that is not the case. The company stated:
The iPhone is not logging your location. Rather, it's maintaining a database of Wi-Fi hotspots and cell towers around your current location, some of which may be located more than one hundred miles away from your iPhone, to help your iPhone rapidly and accurately calculate its location when requested. Calculating a phone's location using just GPS satellite data can take up to several minutes. iPhone can reduce this time to just a few seconds by using Wi-Fi hotspot and cell tower data to quickly find GPS satellites, and even triangulate its location using just Wi-Fi hotspot and cell tower data when GPS is not available (such as indoors or in basements). These calculations are performed live on the iPhone using a crowd-sourced database of Wi-Fi hotspot and cell tower data that is generated by tens of millions of iPhones sending the geo-tagged locations of nearby Wi-Fi hotspots and cell towers in an anonymous and encrypted form to Apple.
The company did admit that the iPhone probably doesn't need to be caching more than seven days-worth of that information at a time – the fact that it's storing data gathered up to a year ago is reportedly due to a bug in the software, which will be addressed in an upcoming free iOS update.
Another bug apparently sometimes causes the phones to continue updating their Wi-Fi and cell tower data, even after users turn off the Location Services function. The software update should address that problem, and will also cause the phone to delete the cache when Location Services is turned off.
While the cache is presently not encrypted on the iPhone, the company stated that it will be in the next version of iOS.
More details are available on the Apple website.