According to a report in the Guardian two security researchers, Pete Warden and Alasdair Allan, unveiled their findings at the Where 2.0 conference in San Francisco today.
They state that the iPhone logs the latitude and longitude of its whereabouts at regular intervals – as well as a timestamp – and then saves it to a file on the device.
By using a simple program this data can be retrieved, meaning that anyone who had access to the iPhone could tell where the owner had been – and when – quite easily, Warden and Allan claim.
“Apple has made it possible for almost anybody – a jealous spouse, a private detective – with access to your phone or computer to get detailed information about where you’ve been,” said Warden.
As the file is transferred to your computer every time it is synced, it is also transferred onto your new device should you upgrade from one iPhone to another, Warden and Allan said.
If the claims are correct Apple could be facing a massive PR disaster. Privacy campaigners are already expressing their shock at the report. Simon Davies, director of the pressure group Privacy International told the Guardian that Warden and Allan’s claims were “worrying”.
Last year, Apple laid out its policies for the retention of location-based data. At the time, Apple said it collected GPS data daily from iPhones running OS 3.2 or iOS 4.
The phones collect the GPS data and encrypt it before sending it back to Apple every 12 hours via Wi-Fi. Attached to the GPS data is a random identification number generated by the phone every 24 hours. The information is not associated with a particular customer, Apple said.
Apple also collects diagnostic information from randomly selected iPhones. It asks for consent first. If a user approves, Apple may collect information like the location of the phone at the beginning and the end of a call, to see if dropped calls happen often in a particular spot, for example, it said.