iPhones and iPads are keeping a log of where you have been

The article “Cool or Creepy? Your iPhone and iPad Are Keeping Track of Everywhere You Go, And You Can See It” [via @netzzwerg] describes that iPhones and iPads keep a log of the locations you have visited while they were switched on:
Named “consolidated.db,” the file has thousands of location data points for each of them starting at the time they respectively updated their operating systems to iOS 4 — released in June 2010. Each location point includes latitude, longitude, a time stamp, and the IP address for the wireless network their phone was accessing for service. One of the researchers had 33,000 location check-ins over seven months (including a few erroneously placing him in South America).
Warden [...] expresses concern about the fact that the history is sitting on a plain, unencrypted file on the iPhone, and then transferred to a computer any time the device is synced.
  • Partially old news: In July 2010, Apple has sent a letter to Congressmen Joe Barton and Edward Markey detailing how iOS tracks device locations [3]. The new aspect is the unencrypted file and the long time that this information is kept.
  • Why does Apple do this? There are two theories: to cache location data (for applications that need it) [2] and to build location services [3].
  • Actual threat: this data is readily accessible. Note: similar data has long been collected by cell phone network providers. In the latter case you need a court order to get the data. In the former case, access to the cell phone or (synced) desktop computer is enough.
  • Possible threat: Apple abusing the data it collects. Apple anonymizes the information before transmitting it [3], which should reduce that threat. You have to trust Apple in this case, but not more so than cell providers.
  • Protecting yourself: This data is only transmitted if location services are switched on. Obviously, this does not help you much if you need to use such services. You can make it difficult for others to access the data, by encrypting the backups on your desktop computer [1]. Tip from Marco Arment:
    You should encrypt your backups, if not for security reasons, for a big convenience gain: encrypted backups will include your email and Mobile Me passwords so you never need to re-enter them after a restore.
    On the other hand, this makes it easier for hackers to get to your iOS passwords [source, in German].
  • The file: The collected data is in ~/Library/Application Support/MobileSync/Backups/ (in your home directory).
  • Mac app for displaying the collected data on a map.
Mac application “iPhone Tracker”.
Related reading:
  1. How to encrypt your iOS backups: “iPhone and iPod touch: About backups” → “About Syncing and Backups” → “Encrypted backups”
  2. Andy Ihnatko on iOS 4's Location-Tracking Log. Quote:
    The big question of course, is why Apple is storing this information. I don’t have a definitive answer, but my little-birdie-informed understanding is that consolidated.db acts as a cache for location data, and that historical data should be getting culled but isn’t, either due to a bug or, more likely, an oversight. I.e. someone wrote the code to cache location data but never wrote code to cull non-recent entries from the cache, so that a database that’s meant to serve as a cache of your recent location data is instead a persistent log of your location history. I’d wager this gets fixed in the next iOS update.
  3. Why and How Apple Is Collecting Your iPhone Location Data | Gadget Lab | Wired.com. Summary:
    • GPS is tracked only if an application currently uses it [obviously to save power].
    • Quote: “[...] geodata is being tracked and transmitted to Apple only if a customer toggles the Location Services option in the settings menu to «On». If it’s off, no location-based information will be collected.”
    • Quote:
      [...] the collected geodata is stored on the iOS device, then anonymized with a random identification number generated every 24 hours by the iOS device, and finally transmitted over an encrypted Wi-Fi network every 12 hours (or later if there’s no Wi-Fi available) to Apple. That means Apple and its partners can’t use this collected geodata to personally identify a user.
      At Apple, the data gets stored in a database “accessible only by Apple,” the letter says.
    • Apple uses the location information to build location services and other applications.
    • Quote:
      [...] after that data is transmitted to Apple “every 12 hours,” Apple’s database should already have the data needed to improve your location services, and there’s no reason for it to stick around on your device — especially after 10 months. [This would support the hypothesis of [2] that keeping the data that long has been an oversight on Apple’s part.]
  4. Android phones keep location cache, too, but it's harder to access
  5. Apple Q&A on Location Data