April 21, 2011— -- Less than a day after a pair of security researchers revealed that the Apple iPhone and iPad 3G record the device's location history, Senator Al Franken, D-Minn., fired off a letter to Apple CEO Steve Jobs demanding that the company explain why.
On Wednesday, Alasdair Allan and Pete Warden shared their research showing that, since Apple released its latest iOS4 mobile operating system, the iPhone and iPad 3G have been storing unencrypted and unprotected logs of users' geographic coordinates in a hidden file.
In a post about their discovery Wednesday, Allan and Warden wrote, "We're not sure why Apple is gathering this data, but it's clearly intentional, as the database is being restored across backups, and even device migrations."
The researchers' findings ignited criticism from digital rights activists and led to an immediate response from lawmakers.
"The existence of this information -- stored in an unencrypted format -- raises serious privacy concerns," Franken wrote in his letter to Jobs. "Anyone who gains access to this single file could likely determine the location of the user's home, the businesses he frequents, the doctors he visits, the schools his children attend, and the trips he has taken -- over the past months, or even a year."
Not only could the information be accessed by criminals, it appears that the location information for the millions of children and adolescents who use the iPhone could be at risk, Franken wrote.
Franken concluded with a list of nine questions he wants Apple to answer, including explanations of why the company is gathering the data, why is it not encrypted, why Apple consumers were never explicitly informed of the data collection and to whom (including Apple) has the data been disclosed.
Apple did not immediately respond to requests for comment from ABCNews.com.
Lawmaker: 'Deeply Disturbed by This Report'
Rep. Jay Inslee, D-Wash., a member of the House Energy and Commerce Committee, also criticized Apple in a statement, Politico reported.
"I'm deeply disturbed by this report," Inslee said, adding that "current law fails to ensure consumers are protected from privacy violations."
"I intend to ask Apple and the federal agencies charged with oversight some very direct questions to understand the frequency and extent of this data collection and the use, protection and sharing of this sensitive information. This episode, and many others, illustrates the need for enhanced government oversight of data collection activities," he told Politico.
Researchers' Web Application Plots iPhone Owners' Location History
To show users the data recorded by Apple's devices, Allen and Warden created a Web application that plots a user's iPhone data on a map. Once downloaded to the computer users sync with their Apple device, the application scans through backup files to look for the hidden file with the location information. When it finds the relevant file, the application shows the location history on a map.
The researchers said they believe that the coordinates of the phone are determined by cell-tower triangulation. The location data aren't always precise, but they said the phones may have recorded up to tens of thousands of data points. However, there's no evidence that the data is being transferred beyond the devices or computers that sync with them, they said.
Digital rights activists say that this latest Apple finding is another example of the risks related to location information.
"These location records can reveal a wealth of sensitive information about you: your attendance at a gun rally or prayer meeting, your frequent visits to a health clinic and more," said Chris Conley, a technology and civil liberties fellow at the ACLU of Northern California. "Control over this information needs to be in your hands, not Apple's."