iOS has always offered location services – pinpointing a user’s location using Cell-ID and Wi-Fi hotspots. Earlier devices relied on Google and Skyhook databases for the purpose. Starting from iOS 3.2, Apple has been building up their own database of location data. This data is anonimized and sent over an encrypted channel.
But the real problem is not with the collection of data by Apple but in the implementation of the idea.
The problem is that an encrypted file (named consolidated.db) on the device stores a record of all the movements of a user; that file is copied to any computer the user may have synced the device with and any backups may have been made by the user.
Anyone getting access to the encrypted data file either from the device itself ofr by hacking the device that contains a copy of the file, can easily extract a log of a user’s whereabouts over the last year.
The location logging by these devices (iPhones and 3G iPads) was publicised by Alex Levinson and some others just as early as last year though it wasn’t really a secret; it has always been mentioned in the Terms and Conditions of sale though the relevant clauses were never conspicuously visible.
There is, however, an application called “Untrackerd” (not authorised by Apple, of course!) which can be used on “unlocked” Apple devices. The more sensible thing, however, would be for Apple to give an option to users in the matter of having their movements logged or at least to make it impossible for anyone to access the data collected.