Much hay has been made of late over your phone caching (aka "storing") your location data. It started with the realization that the iPhone was storing location data ... and storing, and storing. (And also syncing the data to the computer via iTunes.) The problem is that the data wasn't overwritten over time, so you've got a general look at where someone's been over the life of the phone.
Android does the same sort of thing, boys and girls. And it's supposed to. But it does it right. Instead of saving days and weeks and months of location data, it saves the 50 most recent cellular GPS locations, and 200 most recent Wifi fixes. And it's stored in a little file on your phone.
"But, Phil!" you cry. "That's a big security concern!" Well, yes. And, no.
First off: All those location-based services you like to use -- Google Maps, local search results, Foursquare, Gowalla, Twitter, photo geotagging, etc. -- they all use caching to speed up the process of figuring out where you are. That's what caching is, after all. Saving data (in a "cache") so that it doesn't have to be loaded from scratch each time. The browser you're reading this on likely does it, and it makes things that much easier. Same thing for smartphones.
"But, Phil!" you cry. "All of that information is cached on my phone, where anyone can get to it!" Well, sure. But, first and foremost, you need root access ("you" being an app or someone trying to get at the data). There's a handy little app called Location Cache on the Android Market that will show you just where you've been. Or, more accurately, where your phone has pinged. (I haven't actually been in Washington, D.C., in about 8 years, but my phone's pinged some Wifi access point there, somehow.) The app also gives you the option to wipe the cached location data and block further data.
But in long list of things that are on my phone that I don't want to fall into evil hands, my 50 most recent cellular pings aren't all that high. Nor are the 200 most recent Wifi locations I've pinged one way or another. Contacts and e-mail, photos, well, that's another story.
But our level of concern really comes down to this: How would someone gain access to the information? The most likely route is directly. Your phone is lost or stolen and falls into nefarious hands. Sure, it's possible you could download an evil-doing application. You might have heard about a few in the news lately. But in spite the occasional headline, data-stealing apps aren't all that prevalent. We know. We download a lot of apps around here. And your phone needs to be rooted for anyone -- or any app -- to have access to the location cache in the first place.
So what can you do? What should you do?
First thing we'd recommend is installing a security app that can locate your phone should it be lost or stolen -- and wipe it (erase all the data) if you can't recover it. There are a bunch of good security apps out there. Google 'em and take a look. It's worth taking a look at, location caching or no location caching.
Alternatively, you can shut off Android's location services and stop further caching of location data. It's in Settings>Location & Security. (The name might be slightly different depending on your phone, but we're not surprised Google associated one with the other on stock Android.)
And you might not have noticed this unless you're the type who flashes devices from scratch on a daily or weekly basis, but one of the first things Android does is ask whether you want to use the location services. It is not caching your location information without your permission, even if you never noticed it on setup.
Let's recap: The sky's not falling. Android isn't storing your location information -- and remember this is general location information and not necessarily exactly where you've been -- without your permission. And it's pretty unlikely that your cached data will fall into evil hands. And even if it does, there are ways to protect yourself.
Tonight, we'll sleep just fine.