Don't panic over iOS location logging


iOS is pretty solid from a security perspective. Because the database is not owned by the iPhone user’s account, it’s not easily accessible from the phone itself. Apps don’t have access to the file either, and because Apple approves everything in the App Store, it’s not likely a third-party app could sneak in some malicious way to read it. There now , but ironically you have to jailbreak your phone to do it—thus potentially making your phone vulnerable to inadvertently installing malicious applications.

True, if you lose your iPhone, then nefarious wrongdoers may be able to access this data by syncing the device with their own computer. If that concerns you, be sure to set a passcode on your phone and maybe so you can remotely wipe it.

Your Mac is the far bigger target here. Because third-party apps aren’t vetted by Apple, and the file is easily accessible by your own user account, it’s possible you could be duped into running a program that accesses this data. But, by enabling encrypted backups of your iPhone in iTunes, you can make sure the data is protected from any potential snoopers; it’s also just a good idea if you’re the security-conscious sort. When your iPhone is plugged into your Mac, click on the device in iTunes’s sidebar, scroll down to the Options heading and click the checkbox next to Encrypt iPhone backup; you’ll be prompted to enter and verify a password.

As I said up top, it remains unclear exactly why the iPhone is gathering this information. If it’s for the location services system, why does it need such an extensive backlog? My database has information going back to June of 2010. Daring Fireball proprietor and contributor John Gruber , that the data is supposed to be purged regularly. That seems likely, since if Apple were using it for some legitimate purpose—testing, for example—they’d need to be accessing it at some point and, again, there’s no indication that is the case.

Kudos, by the way, to the many folks—especially in the technology community—who’ve taken this development with reasonable aplomb and, in many cases, curiosity about retracing their steps. I’ve particularly enjoyed those who’ve posted their own location maps, or lamented that they never seem to go anywhere interesting. After all, this is the kind of info that can only be used against you if it’s secret. In that sense, making it public is a stroke of genius.