There's a lot of stuff thats being reported about this that is somewhere between sensationalist and wrong. The "researchers" who published this have been pretty sloppy in what they are claiming. I've helped out police forces with using extracting and trying to use this data, over a number of years so I've a reasonably good idea what is there and what isn't.
The data is not new to iOS 4, it has been there at least back to iOS 2, its just the name of place that it is stored is different.
This existence of this data isn't secret, the use of this data is the subject of a session for Apple Developers at the World Wide Developers Conference each year - usually something like "Using Location Services in iOS" or similar in title.
The location data is not the GPS location of the user, it is the location of cell towers the phone can see. All the location data is time stamped, and stamped with the carrier network ID, and the ID of the individual and there's no way you can be in 3, or 6, or 9 different locations at the same time. Depending on how many cell towers were visible, all this tells you is that the phone was within maybe a few km, but up to 25-50km of the tower. If you then take that data and use it to triangulate the users location, you'd typically get a location that was at best accurate to a bit under 1km, and more likely a few km.
The collecting of the data isn't continuous, it appears to be event based. Anecdotally - the phone waking from sleep and reconnecting to the carrier network appears to be one of the events, as is rebooting the phone, and re-connecting to the carrier's network when you come out of a dead spot. It seems plausible, that it may also be snapshotted every time Location Services is fired up, eg by launching the Maps App and consenting to use of location services. That pattern of even driven acquisition would explain the differences that various people out there on the net report.
Similar data is also being tracked and logged by the carrier, but in their case, its harder to get to as it is sitting on carrier systems on their internal network. That is true for all phones. In this case, the data is pretty easy to get to if you have physical possession of the phone.
Thats good enough to tell that you actually went off to Hawaii with your mistress when you told your wife you were going on a work trip to California, but for most people , most of the time, it will only be pretty vague as to where they where - knowing that you are in Baltimore when thats where you live and work isn't that big a revelation.
If the user of the phone opts out of Location Services, the file isn't updated. This is done from Settings.
Like all files that need to be read/written in the background by the system, its always readable to root - it isn't readable (directly) to Apps , although they benefit from it indirectly by Location Services calls responding faster. If you jailbreak your phone, then Apps can read this data and transmit it for their own purposes.
Files in that data protection class can be recovered off the filesystem over USB tether. Technically it is encrypted, but the encryption is really only of use for a fast remote wipe of the device, and it isn't being encrypted in a class that increases the security of the data.
It does reside in the backup, so thats certainly a good reason to always encrypt your iPhone backups and use a strong passphrase for them.
Apple has also been clear in its earlier deposition response as to how user location data is anonomised when it is collected.
Its entirely possible that the persistence of the file is actually a bug - I can see why it would be useful to cache it for a few days to maybe a month at the high end, but back to the start of the epoch seems excessive. In my view its the persistence of the file thats the biggest issue. That not hard for them to fix.
So its bad, but its nowhere near as extreme a situation as what some people are saying.
