Files containing coordinates for longitude and latitude and the time that the information was recorded are automatically copied and stored, without protection, on a user's computer when the device is connected to the machine, the researchers said.
The data is recorded on Apple's iPhones and 3G iPads using the software firm's latest mobile operating system iOS 4, researchers Alasdair Allan and Pete Warden said.
"The coordinates aren't always exact, but they are pretty detailed. There can be tens of thousands of data points in this file, and it appears the collection started with iOS 4, so there's typically around a year's worth of information at this point," Allan and Warden told the O'Reilly Radar blog.
Users are informed when Apple accesses global positioning system technology (GPS) to tell a user exactly where they are using satellites. An icon appears on the user's screen to tell them that GPS is active.
Allan and Warden's research suggests that the company also uses other location tracking methods that users have not previously been aware of.
"As far as we can tell, the location is determined by triangulating against the nearest cell-phone towers. This isn’t as accurate as GPS, but presumably takes less power. In some cases it can get very confused and temporarily think you’re several miles from your actual location, but these tend to be intermittent glitches," Allan and Warden said answering most asked questions about the discovery.
"The cell phone companies have always had this data, but it takes a court order to access it. Now this information is sitting in plain view, unprotected from the world. Beyond this, there is even more data that we have yet to look at in depth," the researchers said.
"I discovered a list of hundreds of thousands of wireless access points that my iPhone has been in range of during the last year," Allan said.
The researchers' revelation has caused concern among privacy groups.
"This information being stored on the device raises concerns about access by third party iOS apps who collect data and share with advertisers, by police and border controls agencies that in many countries routinely look through phones without warrants, as well as access concerns if the phone is lost," Simon Davies, director of watchdog Privacy International, said
"We know that this is a file on the device, on the computer, and is transferred to new devices. We are also aware that there is no available information on whether this file is ever actually accessed by Apple or by third parties. This is why we would like to know more," Davies said.
Apple has not yet offered a response to Allan and Warden's research, but the company does allude to file storage in its terms and conditions.
"We may collect information such as occupation, language, zip code, area code, unique device identifier, location, and the time zone where an Apple product is used so that we can better understand customer behaviour and improve our products, services, and advertising," it says.
Allan and Warden said that Apple gave others the chance to see where you had been.
"By passively logging your location without your permission, Apple [has] made it possible for anyone from a jealous spouse to a private investigator to get a detailed picture of your movements," Allan and Warden said in answering FAQs.
Allan and Warden have built a program that allows iPhone or iPad users to view about their movements on a map. They said that the program deliberately reduces the accuracy of the information to prevent the program being misused.
The researchers said people can protect access to their location data by encrypting the files in iTunes, the content management system for Apple devices.