Blogger NoBelSec has found some interesting information on iOS 6 in a file called cache_encryptedA.db which stores accurate data on the exact location where you have been using your iPhone.
This particular file contains geo-locations provided by apps, cellular and wifi data on the iPhone, it will also tell you additional stuff like the location where your calls have been made from. The Information stored are timestamp, latitude, longitude and altitude.
Since the iPhone used in this test didn’t have a SIM card the only data stored in this case is from connecting to Wifi, he found out that when he connects to a new WAP, the MAC address is stored, together with geographic data.
The same file also contains data on the last app that made use of this information (your location). The image bellow shows app AppHarvest access geo-location data stored on the phone:
What is surprising is the accuracy of the data and the fact that it is not encrypted (all though the name of the file says other wise) and could be a huge security thread since it can be accessed by anyone (or any app) and is real threat to privacy, there is no reason for Apple to store the location of where you have been. Your device has to be jailbroken to access this file and the file doesn’t show up in device backup. Here is a map that shows the locations an iPhone has been in the UK (image by TG)
As of now we know this affects users that run iOS 4, iOS 5 and iOS 6 but we don’t know for sure if this issue also affects more updated iOS versions like iOS 7.
Editors Note: Back in 2011 The Guardian published an article related to this, they were running iOS 5 and confirm that Apple has been doing this since iOS 4. 3 years later the same security issue still stands. Until today we didn’t know if the same file was on newer iOS versions but the fact that blogger NoBelSec has been able to find it confirms that Apple still hasn’t fixed the fact that the iPhone stores non encrypted private data.
