Apple Inc.'s iPhone and iPad are keeping very close track of where you’ve been.

Security researchers said they found a file hidden in the operating software of Apple’s devices that can contain tens of thousands of records of a user’s precise geographical location, each marked with a timestamp.

Those records create a highly detailed history of a user’s whereabouts over months or even years.

The data are in an unprotected file embedded in the phone and tablet computer, the researchers said Wednesday, allowing hackers who pick up a lost iPhone or iPad access to the location history with relative ease.


The discovery comes as technology companies are coming under increasing scrutiny for the ways in which they collect, store and share personal information gleaned from consumers’ use of digital devices.

Apple, Google Inc. and Facebook Inc., three of the most popular consumer technology companies, have attracted intense scrutiny from regulators and privacy advocates.

Illustrating the data in dramatic, understandable form, security researchers Pete Warden and Alasdair Allan released a software program Wednesday that allows iPhone and iPad users to download and plot their location histories onto an interactive map, showing their trail over time.

The maps show clusters of colorful dots in hundreds or thousands of precise locations visited by the device’s user.


“I have no idea what Apple thinks it’s doing in collecting this,” said Christopher Soghoian, a cybersecurity researcher at the University of Indiana and formerly a Federal Communications Commission employee. “You’d think they would’ve learned the lesson Google learned, which is: Don’t surprise your users on privacy.”

Apple raised eyebrows last year when it added a phrase to its privacy policy disclosing that it would “collect, use and share precise location data, including the real-time geographic location of your Apple computer or device.” The company said that the data were anonymous and could not be used to identify the original user.

But Allan of Exeter University and Warden, a former Apple engineer, said the cache of location information on a user’s iPhone or iPad can be linked easily to the user and is not protected by any security.

Cellphone location data have long been collected by wireless providers to help route calls to mobile users. Law enforcement officials can get access to that data, but it generally requires a court order.


“Now this information is sitting in plain view, unprotected from the world,” Warden and Allen wrote in an online post on the O’Reilly Radar technology site. The data are “available to anyone who can get their hands on your phone or computer,” they said.

Apple did not return requests for comment.

Many Apple customers were excited about the maps, which aren’t as specific as the data used to plot them, and wanted to share their meanderings.

Randy Botti, a web designer in Hawaii, posted a map showing visits to many spots around the coast of the Big Island.


“Here’s my iPad location map,” Botti wrote on Twitter. “I showed mine, now show yours.”

david.sarno@latimes.com