It’s fascinating to see what happened overnight on this story. Firstly, lots of people began posting maps of where their iPhones had been, which is a clear demonstration of the First Law of Technology — which says that if something can be done then it will be done, irrespective of whether it makes sense or not. Personally I’ve always been baffled by how untroubled geeks are about revealing location data. I remember one dinner party of ours which was completely ruined when one guest, a friend who had been GPS-tracking his location for three years, was asked by another guest, the late, lamented Karen Spärck Jones, if he wasn’t bothered by the way this compromised his privacy. He replied in the negative because he had “nothing to hide”. There then followed two hours of vigorous argument which touched on, among other things, the naivete of geeks, the ease with which the punctiliousness of Dutch bureaucracy made it easy to round up Dutch Jews after the Germans invaded Holland in the Second World War, the uses to which location data might be put by unsavoury characters and governments, Karl Popper and the Open Society, etc. etc.

Michael Dales has a couple of interesting blog posts (here and here) about the iPhone data-gathering facility. And, like all geeks, he’s totally unsurprised by the whole affair.

It seems rather than worry geeks, most of us find the data amazing. I suspect that’s because most of us know that this data could be got otherhow anyway – all it really shows is where your phone has been, and the phone operators know that anyway – and I typically trust them a lot less than I trust Apple (not that I think Apple is angelic, it’s a shareholder owned company, but I generally have a more antagonistic relationship with phone companies than I do Apple). So the fact the data resides on my phone is handy – if I was worried about people tracking where my phone goes then I’d never turn it on.

Michael also sees positive angles to this.

If you have a Mac and want to see where your iPhone has been (and then, like most people, post it to the Internet :) then you can get the tool to do so here. What I think is potentially really exciting is what you can do with the data now that you have access to it, not just your phone company. Quentin has already had the idea that you could use it to geotag your photos, which would be awesome, but how about things like carbon calculators, trip reports, and so on?

This post attracted a useful comment from ScaredyCat which gets to the heart of the problem:

The brouhaha isn’t just about the data being stored, it’s about the data being stored unencrypted. I love data like any geek but you do have to wonder why the data is being collected in the first place.

Precisely. What the data-logging and storage facility means is that your iPhone is potentially a source of useful confidential information for people who would have no hope of obtaining that information legally from a mobile phone network.

This point is neatly encapsulated by Rory Cellan-Jones in his blog post:

This obviously has intriguing implications for anyone who possesses one of these devices. What, for instance, if you had told your wife that you were off on a business trip – when in fact you had slipped off to the slopes with some mates – and she then managed to track down your iPhone location file? (I should stress that this is an imaginary scenario).

For divorce lawyers, particularly in the United States, the first question when taking on a new client could be “does your spouse own an iPhone?” And law enforcement agencies will also be taking a great interest in the iPhones – or iPads – of anyone they are tracking.

The other interesting thing about the spyPhone story is that, according to Alex Levinson, it’s an old story. He says that

Back in 2010 when the iPad first came out, I did a research project at the Rochester Institute of Technology on Apple forensics. Professor Bill Stackpole of the Networking, Security, & Systems Administration Department was teaching a computer forensics course and pitched the idea of doing forensic analysis on my recently acquired iPad. We purchased a few utilities and began studying the various components of apple mobile devices. We discovered three things:

* Third Party Application data can contain usernames, passwords, and interpersonal communication data, usually in plain text.
* Apple configurations and logs contain lots of network and communication related data.
* Geolocational Artifacts were one of the single most important forensic vectors found on these devices.

After presenting that project to Professor Stackpole’s forensic class, I began work last summer with Sean Morrissey, managing director of Katana Forensics on it’s iOS Forensic Software utility, Lantern. While developing with Sean, I continued to work with Professor Stackpole an academic paper outlining our findings in the Apple Forensic field. This paper was accepted for publication into the Hawaii International Conference for System Sciences 44 and is now an IEEE Publication. I presented on it in January in Hawaii and during my presentation discussed consolidated.db and it’s contents with my audience – my paper was written prior to iOS 4 coming out, but my presentation was updated to include iOS 4 artifacts.

Thanks to David Smith for passing on the link to the Levinson post.

Oxford to Cambridge and then London from Alasdair Allan on Vimeo.

Fascinating video of location data routinely and covertly gathered by an iPhone belonging to research Alasdair Allen. I came on it via an intriguing Guardian story which reported that

Security researchers have discovered that Apple’s iPhone keeps track of where you go – and saves every detail of it to a secret file on the device which is then copied to the owner’s computer when the two are synchronised.

The file contains the latitude and longitude of the phone’s recorded coordinates along with a timestamp, meaning that anyone who stole the phone or the computer could discover details about the owner’s movements using a simple program.

For some phones, there could be almost a year’s worth of data stored, as the recording of data seems to have started with Apple’s iOS 4 update to the phone’s operating system, released in June 2010.

“Apple has made it possible for almost anybody – a jealous spouse, a private detective – with access to your phone or computer to get detailed information about where you’ve been,” said Pete Warden, one of the researchers.

Only the iPhone records the user’s location in this way, say Warden and Alasdair Allan, the data scientists who discovered the file and are presenting their findings at the Where 2.0 conference in San Francisco on Wednesday. “Alasdair has looked for similar tracking code in [Google’s] Android phones and couldn’t find any,” said Warden. “We haven’t come across any instances of other phone manufacturers doing this.”

Lots more information (plus a downloadable open source application that enables you to locate the file containing your location data history) on Pete Warden’s site. He’s got some helpful FAQs, including these:

What can I do to remove this data?

This database of your locations is stored on your iPhone as well as in any of the automatic backups that are made when you sync it with iTunes. One thing that will help is choosing encrypted backups, since that will prevent other users or programs on your machine from viewing the data, but there will still be a copy on your device.

Why is Apple collecting this information?

It’s unclear. One guess might be that they have new features in mind that require a history of your location, but that’s pure speculation. The fact that it’s transferred across devices when you restore or migrate is evidence the data-gathering isn’t accidental.

Is Apple storing this information elsewhere?

There’s no evidence that it’s being transmitted beyond your device and any machines you sync it with.

What’s so bad about this?

The most immediate problem is that this data is stored in an easily-readable form on your machine. Any other program you run or user with access to your machine can look through it.

It’s interesting that the mobile operators also keep this data, but the cops have to get a special order to access it. (Which they often do, as we find out in evidence to murder trials, for example.) But anyone who gets access to an iPhone (or, it turns out, a 3G-enabled iPad) can get it without going through any legal palaver.

Interesting, ne c’est pas? n’est-ce pas?

(Thanks to Duncan Thomas for correcting my French.)