Apple has made it known publicly that it is a company that greatly desires privacy for its users. It steadfastly defended itself in the wake of the San Bernardino shooter case, in which it would not unlock the shooter’s encrypted cell phone, a stance that was hailed by fans of privacy in technology.
Behind closed doors, however, Apple appears to not have a solid lock on user information. According to a story on The Intercept, experts at Russian digital forensics firm Elcomsoft have found that Apple mobile devices are automatically sending users’ call history to company servers if iCloud is enabled. User data is apparently being uploaded often without user knowledge or any notification, and it includes calls and FaceTime audio and video.
The story states that call logs uploaded to Apple include calls made and received on iOS devices, with phone numbers, dates, times and duration of calls. The data is retained by Apple for up to four months. This means that law enforcement may be able to get access to data, even if the user’s device is encrypted with an unbreakable passcode.
The logged calls appear to go back to iOS 8.2, but iOS 10 users are also having third-party app activity logged, including Skype, WhatsApp and Viber.
US law enforcement agencies may be able to use a court order to get direct access to the logs, since Apple owns the keys to unlock iCloud accounts, though a tool would still be needed to extract and parse the information.
Some iPhone users have figured out that this was happening, especially those who share an iCloud account on different phones, like families. There have been complaints that call histories appear on multiple devices, which makes privacy difficult.
Those who have figured out the problem say there is no button or setting to stop the logs from sending. The only way to stop it is to stop sharing the same iCloud account or not to use one.
Making things even more unsettling is the fact that photos, contacts, notes, calendars and browsing history are also stored on a user’s iCloud account, which could leave them open to hackers and put privacy in doubt.
Elcomsoft is releasing an update to its Phone Breaker software tool to allow call histories to be extracted from iCloud accounts, with the accountholder’s credentials. The company’s forensic tools are used by law enforcement, corporate security and consumers to extract information. Hackers could essentially get access to the user’s information to steal photos and information.
Apple has said that the syncing of call logs is intentional.
“We offer call history syncing as a convenience to our customers so that they can return calls from any of their devices,” said an Apple spokesperson in an email as part of The Intercept story. “Device data is encrypted with a user’s passcode, and access to iCloud data including backups requires the user’s Apple ID and password. Apple recommends all customers select strong passwords and use two-factor authentication.”
Chris Soghoian, chief technologist for the ACLU, did not seem surprised that Apple is collecting the information.
“It’s arguably not even the worst thing about iCloud,” he told The Intercept. “The fact that iCloud backs up what would otherwise be end-to-end encrypted iMessages (which happened a few months back) is far worse in my mind. There are other ways the government can obtain [call logs]. But without the backup of iMessages, there may be no other way for them to get those messages.”
While the practice by Apple may not be unlawful, experts say that the company should be very clear with users that their data is being collected and stored in the cloud, and that they should have an opt-out.