Update 2: Apple has issued an official response.
Update: This story has generated followups from Thomas Ricker at Engadget, David Pogue, Andy Ihnatko and Dan Moren at Macworld. Researcher Alex Levinson points out that despite the Guardian's positioning of the location data as a shocking revelation, this data stash was well-known to forensics experts for some time (it's even mentioned in Levinson's book on iOS forensic analysis); as we noted below, analyst Christopher Vance had written about it in 2010 as well.
All concerned also note that while the location data is cached on your phone and on your computer, there is absolutely no evidence that Apple or your cell carrier are accessing that file to track you over time (although it's likely that AT&T or Verizon know your location anyway, since your phone registers itself with cell towers as you roam). That doesn't mean Apple is off the hook, by any means: US Senator Al Franken has written to Steve Jobs looking for answers about how this data is gathered, what it's used for and why it isn't encrypted.
The Guardian reports that independent researchers Pete Warden, a former Apple employee, and Alasdair Allan, a data visualisation scientist, announced today at Where 2.0 that they've explored a file hidden inside iOS backups which appears to track the location of the device going back as far as the installation of iOS 4. [The first indications of location data in this file were actually brought up some time ago, but with substantially less fanfare. –Ed.]
The above map shows data taken from a test iPhone, and shows a detailed history of the phone's movements around the south of England. Warden and Allan have put up a page with a FAQ discussing their findings and an open source software tool you can run on your own backups to see what your iPhone knows about you. They've also published a video demonstrating the problem.
Particularly worrying is that this file is unencrypted on the device (and on your Mac or PC, unless you encrypt your iTunes backups) and so easily accessible by anyone with access to your computer's iTunes backups folder or with jailbreak access to your device. Because of the way iTunes handles backup-and-restore, the data will even automatically persist across devices if you replace your iPhone.
The data appears to come from cell tower triangulation, rather than the GPS chip; they note that it will sometimes record a spurious, inaccurate location. This also means there is no battery life impact from the monitoring. Talking to the Guardian before presenting their results at the Where 2.0 conference in San Francisco on Wednesday, Warden noted that "we haven't come across any instances of other phone manufacturers doing this."
It also appears from the granularity of the data that it isn't reliant on Core Location being active on the phone. In other words, the phone isn't logging your location only when you call up a GPS-enabled app and when the little compass needle warning icon appears in the top bar -- if it were, you'd expect most people's data to be mostly blank, with brief entries when they use Maps or another location-aware feature. In our testing, however, Victor can see log entries every few minutes, all day, every day -- going back nine months. Meanwhile, Kelly H cannot see anything on her CDMA (i.e. Verizon) iPhone -- it's possible the data is only logged on GSM models. 3G iPads appear to log the info as well.
[The researchers say that the location data's persistence across device changes and backups is suspicious: "The fact that [the file] is transferred across [to a new iPhone or iPad] when you migrate is evidence that the data-gathering isn't accidental." We're not so certain of that, as there are scores of backup files that move along with the backup/restore migration cycle; it's not so selective. Still, it's worth noting that this location history is moving along as you upgrade, not wiping back to zero. –Ed.]
We're still digging into the implications of this here at TUAW, and we'd like your input: if you are willing, please download the tool and post a comment describing what you see. One note: if you zoom in on the map, you'll see the points falling into a grid pattern -- the researchers added this as a deliberate limitation in their program. The underlying data is more accurate than the tool shows; the limitation is there to prevent their demo app itself being used for malicious purposes.
In the meantime, if you are scared about the implications, the first thing you should do is load up iTunes, navigate to your device's screen, and tick the "encrypt backups" option. This will at least prevent anyone from reading the location log from your iTunes backup folder without your password, so you'll be protected if (say) someone steals your computer.
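To confirm that the "encrypt backups" setting has taken effect for every backup on a machine, the following added example (not from the researchers' tool or from Apple) reads each backup's `Manifest.plist` and reports its `IsEncrypted` flag. It assumes the default macOS backup folder; the `demo()` folders and their contents are constructed sample data.

```python
import plistlib
import tempfile
from pathlib import Path
from xml.parsers.expat import ExpatError

# Assumption: default iTunes backup folder on macOS; pass another path on Windows.
DEFAULT_ROOT = Path.home() / "Library/Application Support/MobileSync/Backup"


def audit_backups(root=DEFAULT_ROOT):
    """Map each backup folder name to 'encrypted', 'unencrypted' or 'unknown'."""
    results = {}
    root = Path(root)
    if not root.is_dir():
        return results
    for backup in sorted(p for p in root.iterdir() if p.is_dir()):
        try:
            with (backup / "Manifest.plist").open("rb") as fh:
                manifest = plistlib.load(fh)
        except (OSError, ValueError, ExpatError):
            results[backup.name] = "unknown"  # missing or unreadable manifest
            continue
        flag = manifest.get("IsEncrypted") if isinstance(manifest, dict) else None
        if flag is True:
            results[backup.name] = "encrypted"
        elif flag is False:
            results[backup.name] = "unencrypted"
        else:
            results[backup.name] = "unknown"
    return results


def demo():
    """Run the audit over three constructed backup folders (not real device data)."""
    with tempfile.TemporaryDirectory() as tmp:
        samples = {"sample-a": True, "sample-b": False}
        for name, encrypted in samples.items():
            folder = Path(tmp) / name
            folder.mkdir()
            with (folder / "Manifest.plist").open("wb") as fh:
                plistlib.dump({"IsEncrypted": encrypted}, fh)
        (Path(tmp) / "sample-c").mkdir()  # constructed: folder with no manifest
        return audit_backups(tmp)


if __name__ == "__main__":
    # Audit the real backup folder if present, otherwise show the constructed demo.
    for name, status in (audit_backups() or demo()).items():
        print(f"{name}: {status}")
```

Any backup reported as `unencrypted` was made before the option was ticked and stays readable on disk until it is replaced by a new encrypted backup or deleted.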
Update: Interview with Pete and Alasdair below.