Why has your iPhone been secretly recording everywhere you go since iOS4, in a way that a simple program can extract everywhere you've been from either your iPhone or your computer? Well, probably, a bug.

Or "more likely, an oversight," according to John Gruber and his sources (who, for the uninitiated, are most probably inside of Apple). What kind of "oversight" could lead to your phone giving up everywhere you've taken it, you ask?

As Gruber's been informed, consolidated.db—the tin-foil-hat-inducing log in question—is a cache for location data. (As Pete Warden and Alasdair Allan's FAQ about their project implies.) What's supposed to happen with the cache is that the "historical data should be getting culled but isn't"—because of said bug or oversight. In Gruber's words:


I.e. someone wrote the code to cache location data but never wrote code to cull non-recent entries from the cache, so that a database that's meant to serve as a cache of your recent location data is instead a persistent log of your location history. I'd wager this gets fixed in the next iOS update.

This makes a lot of sense, because Windows Phone 7 and Android work more or less the same way—they both cache your single most recent location. And while Apple's not said anything publicly about this so far, I'd also bet that this gets quietly patched up in the next iOS update. In the meantime, if you are freaked out on a personal—not merely philosophical—level, start encrypting your iPhone backups. And, uh, don't lose your phone.

Update: From Hacker News, more evidence that this is like the case—some details about the way Android's location cache works—along with more analysis of the iPhone's location tracking. [Daring Fireball, Hacker News]


P.S., network engineers and other types, if you wanna chat, on or off record, hit me here.