What sort of data does your phone log to a file…and why?

That’s the most annoying mystery of these superphones that we carry everywhere. It’s a master key to pretty much everything we’ve got going on in our lives: where we’ve been, the people with whom we associate, what we say, and all of the things we’ve seen that we considered worth snapshotting. The phone maker should be both completely open about the data the device collects and should act as though disastrous things would happen if that data were ever to fall into the wrong hands. Because they would. The worst-case scenario of a lost or stolen or otherwise compromised phone is pretty goddamned bad.

So imagine my disappointment when I visited this page (thoughtfully forwarded to me by Dave Bittner). Developers Alasdair Allan and Pete Warden, while working on some mobile data-visualization tools, poked around inside their iPhones and found an SQL database containing a detailed log of the phone’s locations over the past several months. To demonstrate the problem, they wrote a little app that will pull up this file from your desktop iPhone backup, analyze it, and “replay” your movements over time on a map.

Yeah, it works. The app was written just as an illustration, so it intentionally fudges the accuracy. But if I fast-forward to last summer, I reveal a very rough track of the day I decided to blow off work and go to the Cape for an afternoon of swimming and fried clams. Here’s a video demo of the map, provided by the developers:

[Video: “Washington DC to New York” by Alasdair Allan, on Vimeo]

A few reality checks, lest I inadvertently do a Glenn Beck number on all of you, here:

This database isn’t storing GPS data. It’s just making a rough location fix based on nearby cell towers. The database can’t reveal where you were…only that you were in a certain vicinity. Sometimes it’s miles and miles off. This implies that the logfile’s purpose is to track the performance of the phone and the network, and not the movements of the user.

A third party couldn’t get access to this file without physical access to your computer or your iPhone. Not unless you’ve jailbroken your iPhone and didn’t bother resetting its remote-access password…or there’s an unpatched exploit that would give Random Person On The Internet root access to your phone.

It’s pretty much a non-issue if you’ve clicked the “Encrypt iPhone Backup” option in iTunes. Even with physical access to your desktop, a no-goodnik wouldn’t be able to access the logfile.

But still! What a nervous can of worms. This is an open, unlocked file in a known location in a standard database format that anybody can read. If someone has physical access to your Mac — or remote access to your user account — it’s a simple matter of copying a file and opening it. And while the logfile can’t tell someone that you were at a specific house, it can obviously tell your boss that you went to the Cape on the day you called in sick.
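To make that last point concrete, here is an added example (not code from this post, from the developers’ app, or from Apple): it loads a handful of constructed cell-tower fixes into an SQLite table shaped like the log described above and asks the defender’s question, namely what such coarse data can still prove about a given day once each fix’s accuracy radius is discounted. The table name, columns, coordinates, timestamps and “office” reference point are all assumptions.

```python
import sqlite3
from math import radians, sin, cos, asin, sqrt

# Constructed sample rows (NOT from a real phone): timestamp, a rough
# latitude/longitude inferred from nearby cell towers, and the fix's accuracy
# radius in metres. Some fixes are kilometres off, as the post notes.
SAMPLE_FIXES = [
    ("2010-07-14 08:05", 42.3601, -71.0589, 800),    # near the office, morning
    ("2010-07-14 10:30", 41.9500, -70.6000, 5000),   # on the road, very coarse fix
    ("2010-07-14 13:00", 41.6700, -70.2900, 3000),   # on the Cape, afternoon
    ("2010-07-14 18:45", 42.3500, -71.0500, 1200),   # back in town
    ("2010-07-15 09:00", 42.3580, -71.0600, 600),    # an ordinary day at the office
]

def make_db(fixes=SAMPLE_FIXES):
    """Build an in-memory SQLite table shaped like the log the post describes (assumed schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE CellFix (ts TEXT, lat REAL, lon REAL, acc_m REAL)")
    conn.executemany("INSERT INTO CellFix VALUES (?, ?, ?, ?)", fixes)
    return conn

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points, in kilometres."""
    lat1, lon1, lat2, lon2 = map(radians, (lat1, lon1, lat2, lon2))
    a = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))

def provable_distance_km(conn, day, ref_lat, ref_lon):
    """Largest distance from the reference point the phone was PROVABLY at on
    `day`: each fix's accuracy radius is subtracted, so a fix that is 'miles
    off' never inflates the answer. 0.0 means the log proves nothing."""
    rows = conn.execute(
        "SELECT lat, lon, acc_m FROM CellFix WHERE ts LIKE ?", (day + "%",)
    ).fetchall()
    lower_bounds = [haversine_km(ref_lat, ref_lon, lat, lon) - acc_m / 1000.0
                    for lat, lon, acc_m in rows]
    return max([0.0] + lower_bounds)

def days_provably_away(conn, ref_lat, ref_lon, threshold_km):
    """Days on which the log proves the phone was more than threshold_km from
    the reference point, even after discounting every fix's accuracy radius."""
    days = [r[0] for r in conn.execute("SELECT DISTINCT substr(ts, 1, 10) FROM CellFix")]
    return [d for d in days if provable_distance_km(conn, d, ref_lat, ref_lon) > threshold_km]

if __name__ == "__main__":
    db = make_db()
    office = (42.3601, -71.0589)  # constructed reference point
    print(days_provably_away(db, *office, threshold_km=50))  # ['2010-07-14']
```

Even with fixes that are three to five kilometres wide, the day trip is still provable to within a few kilometres, which is exactly why an unencrypted copy of this log in a known place is a problem regardless of how “rough” it is.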

And it’s not as though Apple and these two developers are the only people who know that this file exists and that it’s so easy to access. By the time the Good Guys blow the whistle, the Bad Guys have had it for months. Lord only knows what they’ve been doing with this information.

It’s also, frankly, another reason why I value my iPhone’s “remote nuke” feature and wish it were possible to nuke all data directly from the handset. I can’t think of any circumstance under which my location data would possibly be damaging, incriminating, or even just embarrassing. That’s not the point: if I can’t control the data that my phone is collecting, I should at least have the power to destroy it utterly.

[Edited to clarify: what I want is a real “overwrite with zeros” feature, like the one you see in Disk Utility. Yup, you can go to Preferences and restore your iPhone to factory settings but I believe that this leaves your data vulnerable to recovery. I imagine a made-for-TV kind of scene in which the Angry Lawyer Bringing A Frivolous Lawsuit Against Me is fumbling for his phone, trying to get a court order to mine data off of my iPhone but before the paperwork comes through, I’ve already tapped nineteen buttons and there’s nothing on that phone that can be recovered.]

Finally, there’s “The ‘Ick’ Factor.” I don’t believe that Apple is up to anything nefarious here (again, I think it’s tracking the performance of the phone and not the movements of the user) but it makes the iPhone look very, very bad. That’s not to say that other phones don’t do even ickier things with user data…but this one’s big and public and easy to demonstrate on a nightly newscast.

Apple should treat this like a serious problem. I’ll be very, very pleased if I or anybody else can get a statement from them explaining what this file is for, and how the next iOS update will secure it.