Why is Your IPhone Or IPad Spying on You?

The fact that the iPhone or iPad are capable of logging location data should not come as a surprise to anyone. Services like Foursquare, Facebook Places, mapping apps, and turn-by-turn navigation all rely on that functionality. But, the world does seem to be shocked by the privacy implications of the revelation that Apple is storing that data on the iOS device for anyone to access.

Smartphone Security Follies: A Brief History

The type of data being stored by Apple on iPhones and iPads is not any different than the sort of location logging that is already done by the wireless provider. There is a reason that characters always toss or destroy their cell phone when trying to evade law enforcement in thrillers.

Andrew Storms, director of security operations for nCircle, claims, “Apple has made it not just possible, but relatively easy, for almost anyone with access to your iOS device to get detailed information about where you have been, without your consent or knowledge.”

There is a lot of debate over Apple’s secretive, walled-garden approach to providing a mobile user experience. It certainly seems to have its advantages–especially as compared to the “open” approach of Google’s Android OS, and the malware and security concerns that have plagued it recently. But, maybe users need more security and privacy protection from Apple rather than by Apple.

The security researchers who discovered the location tracking data–Alasdair Allan and Pete Warden–state, “We’re not sure why Apple is gathering this data, but it’s clearly intentional, as the database is being restored across backups, and even device migrations.”

They go on to explain that there is nothing to indicate that the data is being transmitted to Apple. However, Apple already has pending litigation based on how apps access and share personal data, so it doesn’t take a huge leap of logic to jump to the conclusion that there might be a back door or grand plan for what to do with this location data as well at some point.

The researchers found that the sensitive data is stored unencrypted and unprotected, and that it is stored on every PC you sync your iOS device with. The data can be easily accessed and provides data on everywhere your 3G iOS device has been since iOS 4 was released.

Storms cautions, “We already have a third party app available that can read and plot the data. It would be pretty easy for a Trojan app to do exactly the same thing. I can imagine a lot of law enforcement applications that would not exactly thrill users.”

Fred Touchette, senior security analyst at AppRiver, says, “Imagine what evildoers could do with that info; they could easily recognize daily patterns and know how long you’ll be away from your home or office. There is also a possibility such information can be accessed remotely with custom crafted malware, and then sold on the black market much like cyber criminals currently sell credit card information.”

Apple has some explaining to do. There must be a reason the data is logged in the first place, and stored on your iOS device. It is hard to imagine a legitimate use, though, that would excuse breaching user privacy in this way.