OK.  So you just bought your brand new shiny iPhone and you turn on the local news only to find out that it is tracking your location.  You are worried.  After all there is a new evil file, the consolidated.db, that tracks your every location:

1. “However, the data file is sensitive because a thief who gains physical access to an iPhone or iPad could look at the file and see everywhere a customer has been, or a hacker could remotely break in and read the file, Miller said.”  -- http://www.wired.com/gadgetlab/2011/04/iphone-tracks/
   

And from CNN (OK Really the same Wired author):

1. “This is true for both Android and iPhones, but it's no longer the point. Having a data file with over a year's worth of your location information stored on your iPhone is a security risk.
   

2. So if a thief got his hands on your iPhone, he can figure out where you live and loot you there, too.”  -- http://edition.cnn.com/2011/TECH/mobile/04/25/iphone.tracking.wired/
   

Instead of simply trusting the information I read on the internet, I decided to actually test to see how accurate the recorded data is.  Are the above fears justified?  What happens when you extract a 36 hour time period from a day when you limited yourself to walking the dog, shopping for food in the local market and drinking glasses of tea at the local coffee shop?  Does the data pinpoint my location validating the fears of Brian Chen?

What I found is interesting.  Having gone shopping and walking the dog for about 5 miles, the iPhone’s stored location data did not encompass my actual location and covered an area of over 43 square miles:

What does the location data look like for 36 hours?

Figure 1:  Plot of location service data stored in the iPhone’s Flash memory for a 36 hour period.

The above plot is interesting to me with regard to Chen’s statements.  The dark track in the middle of the circle represents the limits of my travels for the 36 hour period.  This includes the following activities:

1. 1.Walking the Trixie dog about 5 miles on a series of walks.
   

2. 2.Shopping at the local grocery store.
   

3. 3.Drinking my daily glasses of tea at the local coffee shop.
   

4. 4.Working at home.
   

Given the above data, the closest possible placement is pretty darn close at about 0.2 miles.  This gives Chen’s fears some credence.  However, and this is a HUGE however, the furthest points of tracking are over 3.75 miles away.  Likewise, not a single geo location actually maps within the true area I was in.  Taken as a dataset, if I lost my phone, a thief could target my home within a 43.5 square mile area.

Like everyone, I am going to make some bullets to read.

1. •The data is not tracking the location of the iPhone but the location of other objects like cell towers near the phone.
   

2. •The data does not provide accurate enough data to allow a thief or a stalker to actually determine a daily routine.
   

3. •The data is good for general trends like “I went to Scottsdale that day” or “I went camping somewhere in the Tonto National Forrest”.  I found the camping location data good to within about 25 miles or roughly 2000 square miles.
   

4. •Read Alex Leninson’s write up on this.  Follow this link!!!
   

5. •Also read f-secure’s write up.  Both of these are great original works from people with real knowledge.
   

6. •Apple.  Cull your data.  That you are collecting the data is well known and spelled out in TOS and opt-out dialogs.  On the other hand, there is no reason to keep months and months of data.  I will admit it was fun to watch a trip I took cross country 6 months back or so.  The data was frequently off by as much as 30 miles.
   

7. •If you are going places you do not want other people to know about do the following few things:
   

1. 1.Encrypt your iTunes backup.  This is done by selecting the iPhone device in iTunes and is on the Summary Page.
   

2. 2.Use strong passwords on your iPhone: Settings->General->Passcode Lock->Simple Passcodes to OFF.  Set the Requires Passcode to “Immediately”.
   

3. 3.Disable Location ServicesSettings->General->Restrictions->Location.  This will prohibit data from being sent out and prohibit any third party apps from tracking.   Geo location based services like maps and shopping apps will not function too well.
   

4. 4.Require passwords to login to your computer.
   

5. 5.Use different passwords at each step.
   

6. 6.Use File Vault.
   

Me?  I don’t plan on changing any of the settings I currently have.  I have a password on my login screen.  I don’t encrypt my iPhone backup but I do encrypt my home directory.  I use simple passcodes on the iPhone and have a 15 minute grace period.