Apple has tracked every iPhone and iPad 3G user's physical location since the release of iOS 4.0, security researchers have discovered, with a secret backup of positions and timestamps kept on any Mac or PC the devices are synchronized with. Alasdair Allan and Pete Warden found that, from iOS 4.0, an unencrypted and otherwise unprotected database of locations has been created for each user, and have even produced an app, iPhone Tracker, to demonstrate exactly how much data is being clandestinely collected.
That database - "consolidated.db" - contains latitude-longitude coordinates along with a timestamp for each point. What prompts each individual record is unknown, but it appears to be using cell-tower triangulation on devices fitted with 3G radios to pinpoint location with varying degrees of accuracy.
Location isn't the only data it seems that iOS 4.x has been gathering. A list of wireless hotspots the iPhone or iPad has connected to has also been spotted. As the researchers point out, usually data of this sort would require a court order to extract from cellphone companies, but Apple is leaving it on users' machines in plain text. Their advice, until Apple responds at least, is to encrypt your iPhone/iPad backups, which can be done by choosing "Encrypt iPhone Backup" in the Options section of iTunes.
Tracking Demo: Washington DC to New York via Amtrak:
Tracking Demo: Oxford, Cambridge and London: