-- The cache is good
Let's be clear: the cell/hotspot lookup caching was undoubtedly an innocently added coding feature.
- Most developers would've added some kind of cache, and here's why:
Think about how often your device sees your home WiFi hotspot or cell tower. Now imagine if your (and everyone else's) device was constantly looking up the same location from Apple or Google every time you took a photo at home or did a search or used Yelp or Facebook or whatever.
All those extra lookups, tiny as they are, would cause unnecessary battery, data and network usage. (If the Verizon iPhone actually has no such cache, then I see that as a small disadvantage... the network can handle it, but it's still extra battery usage for no good reason.)
- So cache = good idea. It's being unencrypted that was a bad idea.
-- Revealing the cache was not good
This is the debatable part, so feel free to disagree.
IMO, publicizing the file and someone providing apps to display this information before it was fixed, was irresponsible. That's just grandstanding, and quite probably also put some people's lives at risk because of the sudden ease of access it gave, and the nature and depth of the information.
They claim they contacted Apple's Product Security Team, although they didn't say how long ago. If they wanted to be hotshots, they could've issued an ultimatum to Apple. It's been done before:
Does everyone remember the very first iPhone 1.01 update? It was forced out of Apple because a huge security hole in Safari was threatened to be publicly revealed the next day.
So these guys could've made news anyway, but _after_ the bug was fixed. (Yes, I know the flaw was in a book by a different researcher, but that doesn't mean anyone at Apple or Google in a responsible position knew about it.)
