Given how much confusing and often contradictory information has been filling the media over the last week, it wouldn't surprise me if some iPhone \n\nusers were calling in priests to exorcise the demons of privacy invasion. There are reasons to be concerned about the ways Apple, cellular carriers and third-party software developers handle your personal information, \n\nincluding location data. But how big a threat is the iPhone's penchant for holding on to a database of your locations for as long as a year? In a word: small. The chances \n\nof someone actually getting their hands on that data and finding a way to use it are remote. \n\nSlideshow: 15 Best iPhone Apps for NewbiesSlideshow: 10 iPhone and iPad Apps to Download, Then DeleteIn case you missed the brouhaha: A pair of researchers last week began a new discussion of the fact that Apple iPhones and iPads track users' locations and store the data in an unencrypted file on the devices and on owners' computers. It turns out that Google's Android phones also record and transmit a \n\ncertain amount of location data as well. Since Apple has been stubbornly silent on the matter, it's not surprising that people are confused. What's more the story has been changing on a \n\ndaily basis. Here's what you really to know about the issue: \n\n1. What data are we talking about?\nLike any cell phone, the iPhone needs to know where you are to make and receive calls or to upload and download data. It does this by deriving \n\nyour position from the location of nearby cell phone towers, or through GPS applications. In either case Apple stores that data on your iPhone and \n\nthen backs it up via iTunes. Although Apple won't confirm it the researchers who made news last week \u2014 Alasdair Allan and Pete Warden \n\n\u2014 believe the data comes from the cell towers. \n\n2. Why is the data being stored at all?\nApple isn't saying. Andrew Storms, director of security operations for nCircle, a security vendor, says it would make sense to have some of that data \n\navailable so the phone always knows where it is. Having the data in hand speeds up the process in much the same way your browser caches data so \n\nit can quickly call up a page you've already visited. What's more, it saves battery life since the device isn't working as much to determine its location. \n\nBut keeping a year's worth does not make sense, he says, adding that Apple owes users an explanation. \n\n3. Is the data encrypted?\nNo. However, the files are compressed and the file names are changed, says Michael Sutton, vice president for security research at Zscaler. He was \n\nable to read his own files by using a Unix tool called Grep. Not very many people would know how to use that tool, but Allan and Warden wrote a program that makes finding and viewing those files much easier. Remember, since the files are on your phone and on your computer, someone would have to have direct \n\naccess to those devices, either by stealing or hacking them remotely. \n\n4. Does anybody else have access to this data?\nYes and no. The data files that have everybody in a twitter (pun intended) are not leaving your computer, as near as anybody can tell. However, as \n\nnumerous criminal defendants have learned, the carriers know where you've been because the cell towers log that information. Various law \n\nenforcement agencies use that data for criminal investigations; in some cases they don't even bother to get a warrant, says Rebecca Jeschke of the \n\nElectronic Frontier Foundation, or EFF. But remember that location data is entirely separate then the logs kept in your iTunes folder. \n\n5. What about other data?\nThis gets complicated. In a letter Apple wrote last July to Rep. Ed Markey, a Massachusetts Democrat, and Rep. Joe Barton, a Texas, Republican, the \n\ncompany said it collects some location data anonymously and only when consumers agree to use its location-based services like maps, or any apps \n\nthat ask a user's location, and for its advertising system, iAd. It's not clear if the data broadcast back to Apple is the same as the data in the backup \n\nfile it keeps. \n\n6. What can I do to avoid having my location hacked or tracked?\n\u2022 It's easy to encrypt the data your iPhone backs up. Click on your device within iTunes and then check "Encrypt iPhone Backup" under the \n\n"Options" area.\n\u2022 Turn your phone off when you're in a location you'd like to keep to yourself. \n\u2022 Turn off location services by going to "Settings" and then "General." You'll notice that if you drill down one more level, there's a list of \n\napplications that use locations services; you can switch off the ones you don't use or trust. But remember, if you turn off locations services, things \n\nlike mapping will not work. \n\n7. Are other types of mobile applications grabbing my data?\nThey sure are. When Zscaler's Michael Sutton looked at the iPhone backup data on his computer, he discovered that various passwords were stored \n\nin plain text by an app that he uses fairly often. It's called JotNot Scanner Pro and it turns your iPhone into a mini-scanner for things like travel \n\nreceipts. (You can read his post here.) \n\nJotNot itself doesn't require a password, but if you use it in conjunction with say Google Docs or Evernote to store the documents you scanned, \n\nyou need those passwords \u2014 and all of them were stored in Sutton's iPhone data.Even worse, scores of mobile applications grab data such as the names in your address book, according to a study by the Wall Street \n\nJournal. Although apps are supposed to get permission from the user before accessing information on the iPhone, some do not, and there's \n\nno way to know what data is being harvested. There's a larger point here as well. Mobile apps often work in conjunction with applications and platforms you've never heard of or weren't aware \n\nof. So even if the makers of your device's operating system and applications are careful, a third party might not be, says Sutton. Apple, of course, \n\ncontrols what apps are allowed on its App Store, but the company doesn't seem to be paying nearly as much attention to the trustworthiness of \n\nthose apps as it does to their user friendliness, says Sutton. "This is Security 101," he adds. Again, the latest information leak is probably not something to be terribly worried about. But as we increasingly rely on mobile services of all \n\ntypes we may well be giving up some privacy in return for the convenience the apps offer. I honestly don't know if that's a bargain we really want to \n\nmake. But vendors like Apple and Google have the responsibility to let their customers (thats us) know exactly what's going on so we can make up \n\nour own minds. "People have the right to know if they are carrying a phone or a beacon in their pockets," says EFF's Jeschke.San Francisco journalist Bill Snyder writes frequently about business and technology. He welcomes your comments and suggestions. Reach \n\nhim at email@example.com.Follow Bill Snyder on Twitter @BSnyderSF. Follow everything from CIO.com on Twitter @CIOonline.