Apple has long been a champion of user privacy, with the famous San Bernadino battle with the FBI a frequently cited example of the company protecting its users’ rights. However, the company hasn’t always been forthright when it comes to communicating what it stores and shares.
A little over a month ago, it was revealed that Apple may be sharing iMessage logs with authorities when requested. Now, the California-based tech giant is being accused of storing call logs on its servers without a loud-and-clear intimation to its users. The Intercept reports of Russian digital forensics firm Elcomsoft, which says that starting with iOS 9, Apple backs up the user’s call history if iCloud – the service that syncs information like contacts, reminders, photos etc across Apple devices – is enabled. The logs uploaded include phone numbers, date, time, and duration.
It’s no secret that Apple would backup call logs, so that users get consistent information across all of their Apple devices registered with the same Apple ID. In fact, when you restore a device from an iCloud backup, the call history is also restored, so it should be obvious to everyone that the call logs are being sent to the cloud for backup.
Soon after the story broke, an official Apple spokesperson told Intercept, “We offer call history syncing as a convenience to our customers so that they can return calls from any of their devices. Device data is encrypted with a user’s passcode, and access to iCloud data including backups requires the user’s Apple ID and password. Apple recommends all customers select strong passwords and use two-factor authentication”.
The service is under fire for not being forthcoming to the user that such information is being synced. “You only need to have iCloud itself enabled”, says Vladimir Katalov, CEO of Elcomsoft. While you have granular controls to disable syncing of contacts, reminders, notes, calendars, safari browsing data etc, there’s no switch to enable or disable the logging of calls. Also, since iOS 10, calls made from third-party VoIP services like WhatsApp, Facebook Messenger, or Skype are also integrated into the call history. These details too, are subject to backup, as are FaceTime calls.
Jonathan Zdziarski is an iOS forensics expert and security researcher, who suggests that since Apple holds the encryption keys to iCloud data on servers, it can access your call logs and other information any time it wants, or any time the authorities want.
According to the report, other mobile operating systems like Android 6.0 and above and Microsoft’s Windows 10 mobile also sync call logs. It adds, “As with Apple devices, the only way for a user to disable the call history syncing is to disable syncing completely.”
Which, as it turns out, isn’t exactly true, as Rene Ritchie of iMore points out that disabling iCloud Drive also disables call history sync. Now that’s far from ideal, and you’d ideally want more gradual control over this, but it’s a solution. Katalov is of the opinion that Apple should provide a switch “to disable call log syncing, like they do for other things,” which sounds like a fair requirement.
Apple is reportedly also not very clear about how long it stores call log backups. A document that details Apple’s processes for handling law enforcement requests mentions that it stores call histories associated with FaceTime for up to 30 days, but Katalov insists this is not true – FaceTime call logs are stored for as long as four months, he says.
While not much can be done about what Apple shares with law enforcement authorities when it’s forced to do so, another bone of contention is how hackers can access the data if they get a hold of the account holder’s credentials, like Apple ID. Elcomsoft itself provides a Phone Breaker tool that can allow access to iCloud backups even without the credentials, as long as an authentication token for the account can be obtained. The tool has now been updated to extract call histories using account credentials or authentication tokens. It gets worse though, as users won’t even be notified if call histories are extracted.
“Generally, if someone were to attempt to download data in an iCloud account, the system would email a notification to the account owner. But Katalov said no notification occurs when someone downloads synced call logs from iCloud,” the report adds.
iCloud on many occasions has become the weakest link in Apple’s privacy-first approach. In the Intercept report, Chris Soghoian, chief technologist for the American Civil Liberties Union, adds that call log backups “are not even the worst thing about iCloud”. The fact that iMessage conversations are backed up on Apple servers, the encryption keys which again, the company holds, is far worse according to him.