Skip to main content

Editorial: If you want to know where I've been, all you have to do is ask

Much hay has been made of late over your phone caching (aka "storing") your location data. It started with the realization that the iPhone was storing location data ... and storing, and storing. (And also syncing the data to the computer via iTunes.) The problem is that the data wasn't overwritten over time, so you've got a general look at where someone's been over the life of the phone.

Headlines ensued.

Location cache

Android does the same sort of thing, boys and girls. And it's supposed to. But it does it right. Instead of saving days and weeks and months of location data, it saves the 50 most recent cellular GPS locations, and 200 most recent Wifi fixes. And it's stored in a little file on your phone.

"But, Phil!" you cry. "That's a big security concern!" Well, yes. And, no.

First off: All those location-based services you like to use -- Google Maps, local search results, Foursquare, Gowalla, Twitter, photo geotagging, etc. -- they all use caching to speed up the process of figuring out where you are. That's what caching is, after all. Saving data (in a "cache") so that it doesn't have to be loaded from scratch each time. The browser you're reading this on likely does it, and it makes things that much easier. Same thing for smartphones.

"But, Phil!" you cry. "All of that information is cached on my phone, where anyone can get to it!" Well, sure. But, first and foremost, you need root access ("you" being an app or someone trying to get at the data). There's a handy little app called Location Cache on the Android Market that will show you just where you've been. Or, more accurately, where your phone has pinged. (I haven't actually been in Washington, D.C., in about 8 years, but my phone's pinged some Wifi access point there, somehow.) The app also gives you the option to wipe the cached location data and block further data.

But in long list of things that are on my phone that I don't want to fall into evil hands, my 50 most recent cellular pings aren't all that high. Nor are the 200 most recent Wifi locations I've pinged one way or another. Contacts and e-mail, photos, well, that's another story.

But our level of concern really comes down to this: How would someone gain access to the information? The most likely route is directly. Your phone is lost or stolen and falls into nefarious hands. Sure, it's possible you could download an evil-doing application. You might have heard about a few in the news lately. But in spite the occasional headline, data-stealing apps aren't all that prevalent. We know. We download a lot of apps around here. And your phone needs to be rooted for anyone -- or any app -- to have access to the location cache in the first place.

So what can you do? What should you do?

First thing we'd recommend is installing a security app that can locate your phone should it be lost or stolen -- and wipe it (erase all the data) if you can't recover it. There are a bunch of good security apps out there. Google 'em and take a look. It's worth taking a look at, location caching or no location caching.

Location Cache

Alternatively, you can shut off Android's location services and stop further caching of location data. It's in Settings>Location & Security. (The name might be slightly different depending on your phone, but we're not surprised Google associated one with the other on stock Android.)

And you might not have noticed this unless you're the type who flashes devices from scratch on a daily or weekly basis, but one of the first things Android does is ask whether you want to use the location services. It is not caching your location information without your permission, even if you never noticed it on setup.

Let's recap: The sky's not falling. Android isn't storing your location information -- and remember this is general location information and not necessarily exactly where you've been -- without your permission. And it's pretty unlikely that your cached data will fall into evil hands. And even if it does, there are ways to protect yourself.

Tonight, we'll sleep just fine.

  • Nice... people hear something and it becomes a big scare story on MSNBC and all the sudden its the end of the world!
  • I've just got one question
    What application or feature are you using to get the wifi hotspots on the map
  • Its in the article; Location Cache Map. Its not showing hotspots its showing locations that the user has been to.
  • Android = LOVE
  • One thing to note: If you disable this in the wireless network settings, it will delete all your data that is currently there. If you decide to renable it, it will start from scratch. Questions though, Does this data really help? What would be a specific example where it would be used?
  • It works best with like Google Maps instead of having to reload everything, it finds your location faster in that, also when your trying to find your location in Foursquare, facebook Places, or twitter posts.
  • cool
    But wheres the podcast?
  • Washington DC most likely pinged from app.. it is typically the default server the very first time upon launch.
  • Ok so we androids have another reason to be happy that we arent iclones. But Phil, where was my podcast this past thursday sir ? I was drinking W A T E R and didnt have a podcast to listen to. :(
  • So there's a way to disable it in Android, but is there a way to disable it on the iPhone? Does Android sync this information onto your PC when you connect it? I had originally thought that all of this was due to targeted advertising, and it sent chills up my spine. *shudder* As if we already don't have enough advertising in our lives.
  • I actually prefer targeted advertising. The reason being that if I'm going to see ads, I might as well see something I very well may actually be interested in.
  • What reasons do you have to sync your Android phone with your PC? The only time I've ever plugged my phone into a PC was to transfer a file that was too big to email myself.
  • OK! Thanks for answering the question, that was really helpful! Maybe I want to load some photos or music onto my phone? Maybe I want to perform a backup? What does it matter why I've synced my phone with my PC?
  • ahh the cool voice of reason - Thanks Phil
    A guy at work is convinced that a cop on a traffic stop could ask for your phone and suck all the super secrete data out of it.
  • They can, and they are doing it in Michigan.
  • If phil doesn't like what you say, he deletes your comment...especially if it calls him out for hypocrisy. What's this open stuff? He's all for censoring your apps and comments.
  • I've called phil out before and he never deleted my posts
  • Then he didn't see it...
  • * A cache for a current location fix shouldn't need 250 data points! * The OS should let you have more control this without the need for an "app". Although it is nice that it does (at some point) ask for consent. * I would be far more worried about how much of that data is shared with Google and the "cloud", because you KNOW it is being transmitted off the phone to them and being stored. I suspect you cannot opt out of that. * Phil- your last paragraph says "Android isn't storing your location information". Yes it is! * Cell companies are already tracking every phone, where they are (in real time), and storing that information for some unknown amount of time.
  • You left out the second part of that sentence.
    Android isn't storing your location information ... without your permission.
  • Ah, right you are. Sorry, the two parts of the sentence were so far separated :)
  • So does this mean I can return my limited edition tinfoil hat I bought on ebay last week?
  • Thanks for the detailed information and valuable perspective, Phil! I find that in the desktop/laptop computing world, most users' understanding of how much information they've made available (more than they realize) and what the risk is (real, but lower than they think) tends to be lacking. It's nice to hear from a knowledgeable source on what our phones store and communicate -- AND to receive a gentle reminder that we tend to give our permission with a few quick clicks through setup screens.