Researchers Pete Warden and Alasdair Allan have discovered that iPhones and 3G iPads regularly record your position into a hidden file called consolidated.db. Ever since you upgraded to iOS 4, your device has been storing a long list of latitude-longitude coordinates and timestamps. The coordinates aren't always exact, but there are typically tens of thousands of data points. The location is likely being determined by cell-tower triangulation, either triggered by traveling between cells or activity on the device itself. Furthermore, all this data is being stored across backups, and even device migrations, according to O'Reilly.
The presence of this data on your iPhone, your iPad, and your backups has serious privacy implications. To make matters worse, the file with said data is unencrypted and unprotected, and it's on any machine you've synced with your iOS device. If your device is stolen, the perpetrator can jailbreak it and easily access the file in question, and will be able to see where you've been over the last year, since iOS 4 was released.
Cell phone companies have always had this data, but it takes a court order to access it. Now this information is sitting in plain view, unprotected from the world. If you want to protect your data, you can encrypt your backups through iTunes (click on your device within iTunes and then check "Encrypt iPhone Backup" under the "Options" area). Warden and Allan also built iPhone Tracker, an application that lets you look at your own data. The application and its source can be downloaded from our download section.
The good news is that there is no evidence to suggest this data is leaving your custody. Still, it's not clear why Apple is gathering this data, although the way it is implemented shows that it is intentional. Apple has yet to release a statement in regards to this issue.