SECURITY RISK: Your iPhone and iPad is Tracking Everywhere You Go! - ITS Tactical

Shop the ITS Store!


SECURITY RISK: Your iPhone and iPad is Tracking Everywhere You Go!

By Bryan Black

Data Scientists Alasdair Allan and Pete Warden have just released new research detailing how Apple is keeping track of your every move in an unencrypted file that resides on the computer you use for backing up your iPhone and iPad 3G.

While there’s no evidence this data is being transmitted to Apple, we strongly feel this is a security risk, as this tracking information is located in a file called location.db in your backup files and records every cell tower you’ve accessed.

Allan and Warden notice that the first instance of location tracking started with the install of iOS4 in both the iPhone and iPad, which was released almost a year ago. This means there’s nearly a year’s worth of locations stored in this consolidated.db file. This is thousands of data points!

See it for Yourself

If you’re interested in finding out where you’ve been for the last year, Allan and Warden have written a desktop app that you can download here. You’ll be presented with a graphical image and heat map of where you’ve been in the world, it’s quite interesting and scary at the same time.

The image you see above is what Apple has tracked on me around the D/FW area in Texas. It’s fairly accurate at displaying your local locations as well as the places you’ve visited.

All that would need to happen for someone wanting to use this information for the wrong purposes, is to gain access to your computer and simply open this application to find out where you’ve been. Hopefully everyone reading this has also taken the proper precautions to protect their computer as well.

The good news, for those of you using different phones out there, is that Allan and Warden were not able to find anything similar on other platforms like Android. Update: Android phones are definitely at risk too.

What can I Do?

iPhone Tracking Security Risk 02The first step is to encrypt your backups! By default, your iPhone backups are not encrypted. With your device plugged in to sync, click on the device and bring up the summary tab. Under options you’ll see a check box next to “Encrypt iPhone Backup.” Check it and set a password, which will force a backup that will now be encrypted.

We’d like to strongly encourage everyone out there to encrypt their backups, if not only for this security risk discussed in this article, those backups also contain all your contacts, text messages and pretty much everything you do on your phone. The ability to store this data unencrypted is just ridiculous on Apple’s part.

Please also distribute this information to everyone you know that has an iPhone or iPad and help mitigate this security risk for all those you know!

Are you getting more than 14¢ of value per day from ITS?

Thanks to the generosity of our supporting members, we’ve eliminated annoying ads and obtrusive content. We want your experience here at ITS to be beneficial and enjoyable.

At ITS, our goal is to provide different methods, ideas and knowledge that could one day save your life. If you’re interested in supporting our mission and joining our growing community of supporters, click below to learn more.


  • I believe the file in question is actually called consolidated.db and it definitely should have been encrypted by default, but why Apple is actually storing this info is beyond me.

  • awc

    The so called iphone tracking is nothing to get hysterical about

    • AWC, I’d read that article before writing mine. I agree that for some this is old news, but there are others more concerned about their privacy than I am. What I wrote stands, this is a security risk.

    • BCarter

      I have to concur with Mr. Black. At what point this information necessitates collection and storage by Apple is beyond me – I have yet to sit and ponder “how great would it be if Apple could tell me every where I’ve been since I’ve purchased their phone.” And while I would hate to be short-sided – I doubt I ever will. If the question box is “would you like us (retailer/mfr) to store nearly every spot at which you’ve accessed a cell tower?”, my check goes in the “no” box – in permanent ink.

      Regarding security risk – it most certainly is. I’m not going to query each persons’ line of work, but suffice to say that some of us know good and well that a predictable route is a dangerous route, that bad people actually do exist in this world (and they’re pretty smart, too), and we would rather stay on the safer side when it comes to ourselves and those we love. Am I going to get hysterical and toss my iPhone into the blender? No. Am I thankful this has been addressed and will now go take preventative measures? Yes.


    • That’s more than senblsie! That’s a great post!

  • Blade Staker

    Thanks for the info! Never gave it a thought and I have files for work on my iPhone that can’t get out.

  • mmasse
  • Steven

    SO I downloaded that desktop app so I could see for myself but I can’t get it to work. Do I need a MAC to view it?

    • Ryan

      I had the same issue, apparently the app is only for MAC OS.


    The linked story on Android isn’t exactly accurate in that it isn’t related to the Apple’s location database file on the device, that is talking about the data that is sent to Google to improve service. A feature that both of the other mobile OS companies have, and can be turned off.

    Now OTOH Android does cache some location data on the device, depending on the source it can be the last 50-200 locations. It’s a security risk, but not as big of one as the Apple database.

    Gizmodo has a handy chart:!5794891/do-apple-google-and-microsoft-know-your-every-step-a-handy-chart

  • Peter G.

    This is a non-story– not because the data is incomplete, inaccurate, and not being divulged to third parties– but because location tracking data is also collected by all cellphone operators. It’s far easier for government agencies, private investigators, stalkers, and idly curious employees to browse this information, and of course, this kind of tracking has been going on as long as cellphones have existed and it applies to all phones regardless of make or model.

    Scott McNealy, a co-founder of Sun Microsystems, famously said “You have zero privacy anyway. Get over it.” He was overstating the situation somewhat, but that’s a good attitude to take. If anything you’re doing can be detected by someone else, you’d better assume it’s being recorded and distributed to people who are not on your side.

  • RIP


    Further corroboration of google and apple’s tracking.

    I recommend caution against all or nothing stances: you may have zero privacy, or they may not even look at the logged data. But does it hurt to keep it in a faraday case when not using it?


Do you have what you need to prevail?

Shop the ITS Store for exclusive merchandise, equipment and hard to find tactical gear.

Do you have what you need to prevail? Tap the button below to see what you’re missing.