Apple automatically uploading iPhone call logs to iCloud, forensics firm says [u]
Any iPhone user with iCloud Drive enabled is having their call logs automatically uploaded to Apple servers — without their consent, and whether or not they have backups enabled, a Russian security firm said on Thursday. [Updated with statement from Apple]
The uploads happen "almost in real time, though sometimes only in a few hours," Elcomsoft CEO Vladimir Katalov told Forbes. The logs are said to include FaceTime calls as well, and in the case of iOS 10, missed calls from third-party apps like Skype and WhatsApp.
iPhone owners can stop the uploads by disabling iCloud Drive, Katalov noted, but this cuts off other iCloud-related features and can stop some apps from working.
The data could potentially be useful to government agencies with warrants or other legal access. Officially, though, Apple says the only iCloud data it can provide to agencies includes email logs and content, text messages, photos, documents, contacts, calendars, bookmarks, and iOS device backups.
Apple also says it doesn't hold onto FaceTime call data for more than 30 days, but Elcomsoft said it was able to extract call logs going back over four months. Presumably, deleting a call from an iPhone's logs would also delete that from the iCloud Drive backup.
Apple mentions call histories being included in iCloud backups as part of security whitepaper, but it's likely that most people haven't seen the document.
iOS forensics expert Jonathan Zdziarski suggested to Forbes that the tracking is likely just an oversight related to the handoffs needed for Apple's calling technology, which for instance allows people to seamlessly shift between devices.
"They need to be able to sync a lot of that call data," he said. "I suspect whatever software engineer wrote that part of it probably decided to just go and stick that data in your iCloud Drive because that's kind of what it's purpose is."
Apple could theoretically add end-to-end encryption to iCloud, but this might create even more conflict with U.S. spy and law enforcement agencies, which are already upset about their inability to break into iOS devices. The company stores the keys for iCloud accounts at its U.S. datacenters, allowing them to serve up (readable) data on demand.
Update: An Apple spokesman has provided a statement to AppleInsider:
"We offer call history syncing as a convenience to our customers so that they can return calls from any of their devices. Apple is deeply committed to safeguarding our customers' data. That's why we give our customers the ability to keep their data private. Device data is encrypted with a user's passcode, and access to iCloud data including backups requires the user's Apple ID and password. Apple recommends all customers select strong passwords and use two-factor authentication."