Two security researchers have discovered that iPhones and 3G iPads running iOS 4 are "routinely" tracking and recording user locations (along with time stamps) in a hidden file.
"We're not sure why Apple is gathering this data, but it's clearly intentional, as the database is being restored across backups, and even device migrations," Alasdair Allan and Pete Warden explained in an article on O'Reilly Radar.
"The presence of this data on your iPhone, your iPad, and your backups has security and privacy implications. We've contacted Apple's Product Security team, but we haven't heard back."
According to Allan and Warden, the file is unencrypted, unprotected and resides on any machine synched with the device.
"All iPhones appear to log your location to a file called 'consolidated.db.' This contains latitude-longitude coordinates along with a timestamp.
"Our best guess is that the location is determined by cell-tower triangulation, and the timing of the recording is erratic, with a widely varying frequency of updates that may be triggered by traveling between cells or activity on the phone itself."
Nevertheless, the two researchers advise iOS 4 users not to "panic," as there is no "immediate harm" caused by the availability of this data.
"But why this data is stored and how Apple intends to use it - or not-— are important questions that need to be explored.
"[Yes], the cell phone companies have always had this data, but it takes a court order to access it. Now this information is sitting in plain view, unprotected from the world."