Apple and Android smartphones silently track their users

According to the BBC, the iPhone GPS/time logging also affects iPad users, although it appears only to involve iPads which are GSM/mobile broadband-enabled, Infosecurity notes.

Two researchers – Alasdair Allan and Pete Warden – released the technical details of the GPS/time logging database earlier this week, generating a storm of protest from outraged iPhone users.

Now that the dust has settled on the issue, it seems that Apple may have engineered the logging feature within iOS 4.x to allow it to develop a WiFi access point service, especially since such monitoring is covered in the iPhone's terms of use that cellcos apply to users.

Despite this, users are upset by reports that the data is also transferred to the user's computer when an iTunes sync is carried out, as well as by the fact that the data files are not encrypted.

The BBC quotes Graham Cluley, Sophos' senior technology consultant, as saying that it is unlikely that Apple planned to use the information for commercial purposes.

"I think there are some legitimate privacy concerns and people will probably look for a way of obscuring that data", he said, adding that it is an object lesson about reading the terms and conditions.

The GPS/time logging issue, meanwhile, is reportedly less in-depth on the Google platform, but an Android app capable of accessing and interpreting the data – held in cache.cell and cache.wifi files on mobile – has already been developed.

Unlike Apple, Google has been more forthcoming on the issue, claiming that the database allows the handset to discover its location a lot more easily than by conducting a full scan on each GPS scanning cycle, which would drain the battery.

John Gruber, a security researcher, said that the iPhone database does not actually hold GPS data, but instead extrapolates the position from nearby cellular base stations.

"The database can't reveal where you were – only that you were in a certain vicinity. Sometimes it's miles and miles off. This implies that the logfile's purpose is to track the performance of the phone and the network, and not the movements of the user", he said in his security blog.

Gruber notes that users can encrypt the data if they tick the relevant box on iTunes, while "a third party couldn't get access to this file without physical access to your computer or your iPhone.

"Not unless you've jailbroken your iPhone and didn't bother resetting its remote-access password – or there's an unpatched exploit that would give a 'Random Person on the Internet' root access to your phone", he said.
