U.S. Senator Al Franken (D-Minn.) has added his voice to the growing chorus of lawmakers demanding an explanation from Apple about a location-tracking feature in iOS 4.
The iPhone and 3G-enabled iPad running iOS 4 have been saving location data to a hidden database file, according to Alasdair Allan, a researcher who wrote about discovering the setup on the O'Reilly Radar blog. His April 20 posting, which detailed how iOS 4 is apparently "storing a long list of locations and time stamps," has circulated widely around the Web.
Allen and co-researcher Pete Warden released an open-source iPhone Tracker application that plots the consolidated information on a map. "The database of your locations is stored on your iPhone as well as in any of the automatic backups that are made when you sync it with iTunes," Allen wrote as part of a FAQ about removing the data. "One thing that will help is choosing encrypted backups, since that will prevent other users or programs on your machine from viewing the data, but there will still be a copy on your device."
U.S. Rep. Edward Markey (D-Mass.) wrote an April 21 letter to Apple CEO Steve Jobs, asking for clarification and hinting that the tracking could violate the Federal Communications Act. He was soon joined by Franken, who voiced some issues of his own.
"The existence of this information stored in an unencrypted format raises serious privacy concerns," read Franken's April 21 letter. "The researchers who uncovered this file speculated that it generated location based on cell phone triangulation technology. If that is indeed the case, the location available in this file is likely accurate to 50 meters or less."
This opens the door, he insisted, to all sorts of bad possibilities.
"It is also entirely conceivable that malicious persons may create viruses to access this data from customers' iPhones, iPads, and desktop and laptop computers," the Franken letter continued. "There are numerous ways in which this information could be abused by criminals and bad actors."
The location data saved by iOS apparently contains information gleaned from cell towers and the names of WiFi access points, and not actual GPS data on the tablet or smartphone. At least in theory, anyone who manages to seize the user's iOS device and its syncing PC will have access to the unlocked database file and roughly a year's worth of consolidated location data.
Franken also wants to know why Apple's collecting the data. "Why did Apple choose to initiate tracking this data in its iOS 4 operating system?" is just the first of many questions posed at the end of the letter.
Over at the blog Daring Fireball, John Gruber offers something of an explanation for that one.
"I don't have a definitive answer, but my little-birdie-informed understanding is that consolidated.db [the database file] acts as a cache for location data, and that historical data should be getting culled but isn't," he wrote April 21, "either due to a bug or, more likely, an oversight."
Apple could always push through an update that fixes the issue.