SECURITY RISK: Your iPhone and iPad Are Tracking Everywhere You Go!
Data scientists Alasdair Allan and Pete Warden have just released new research detailing how Apple is keeping track of your every move in an unencrypted file that resides on the computer you use for backing up your iPhone and iPad 3G.
While there’s no evidence this data is being transmitted to Apple, we strongly feel this is a security risk: the tracking information sits in a file called consolidated.db in your backup files and records every cell tower you’ve accessed.
Allan and Warden noticed that location tracking first started with the install of iOS4 on both the iPhone and iPad, which was released almost a year ago. This means there’s nearly a year’s worth of locations stored in this consolidated.db file. That is thousands of data points!
See it for Yourself
If you’re interested in finding out where you’ve been for the last year, Allan and Warden have written a desktop app that you can download here. You’ll be presented with a graphical image and heat map of where you’ve been in the world. It’s quite interesting and scary at the same time.
The image you see above is what Apple has tracked on me around the D/FW area in Texas. It’s fairly accurate at displaying your local locations as well as the places you’ve visited.
All that someone wanting to use this information for the wrong purposes would need to do is gain access to your computer and open this application to find out where you’ve been. Hopefully everyone reading this has also taken the proper precautions to protect their computer as well.
The good news, for those of you using different phones out there, is that Allan and Warden were not able to find anything similar on other platforms like Android. Update: Android phones are definitely at risk too.
What can I Do?
The first step is to encrypt your backups! By default, your iPhone backups are not encrypted. With your device plugged in to sync, click on the device and bring up the summary tab. Under options you’ll see a check box next to “Encrypt iPhone Backup.” Check it and set a password, which will force a backup that will now be encrypted.
We’d like to strongly encourage everyone out there to encrypt their backups, not only because of the security risk discussed in this article, but also because those backups contain all your contacts, text messages and pretty much everything you do on your phone. The ability to store this data unencrypted is just ridiculous on Apple’s part.
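To confirm that the setting took effect for every backup on a computer, the following added example (not part of the original article or of Allan and Warden's app) lists each backup and whether it is encrypted. It assumes the usual iTunes backup folders, the IsEncrypted key in each backup's Manifest.plist and the Device Name key in Info.plist; none of these are named in the article.

```python
import os
import plistlib
import sys
from pathlib import Path
from xml.parsers.expat import ExpatError


def default_backup_roots():
    """Usual iTunes backup folders (assumed; pass a path on the command line to override)."""
    roots = [Path.home() / "Library/Application Support/MobileSync/Backup"]
    appdata = os.environ.get("APPDATA")  # set on Windows only
    if appdata:
        roots.append(Path(appdata) / "Apple Computer/MobileSync/Backup")
    return roots

def read_plist(path):
    """Return the parsed plist, or None if it is missing or unreadable."""
    try:
        with open(path, "rb") as fh:
            return plistlib.load(fh)
    except (OSError, ValueError, ExpatError):
        return None

def audit_backups(root):
    """Yield (backup_dir_name, device_name, status) for each backup under root."""
    root = Path(root)
    if not root.is_dir():
        return
    for backup in sorted(p for p in root.iterdir() if p.is_dir()):
        manifest = read_plist(backup / "Manifest.plist")
        info = read_plist(backup / "Info.plist") or {}
        device = info.get("Device Name", "unknown device")
        if not isinstance(manifest, dict) or "IsEncrypted" not in manifest:
            status = "UNKNOWN"      # cannot tell: report it rather than assume it is safe
        elif manifest["IsEncrypted"]:
            status = "ENCRYPTED"
        else:
            status = "UNENCRYPTED"  # backup contents are readable by anyone with file access
        yield backup.name, device, status

if __name__ == "__main__":
    roots = [Path(a) for a in sys.argv[1:]] or default_backup_roots()
    findings = 0
    for root in roots:
        for name, device, status in audit_backups(root):
            print(f"{status:<12} {device}  ({root / name})")
            findings += status != "ENCRYPTED"
    sys.exit(1 if findings else 0)  # non-zero exit when any backup is not confirmed encrypted
```

Old unencrypted backups stay on disk after the setting is turned on, so anything reported as UNENCRYPTED or UNKNOWN still needs to be deleted or replaced by a fresh encrypted backup.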
Please also distribute this information to everyone you know that has an iPhone or iPad and help mitigate this security risk for all those you know!