Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

Apple automatically uploading iPhone call logs to iCloud, forensics firm says [u]

Roger Fingas |

Last updated

Any iPhone user with iCloud Drive enabled is having their call logs automatically uploaded to Apple servers — without their consent, and whether or not they have backups enabled, a Russian security firm said on Thursday. [Updated with statement from Apple]

The uploads happen "almost in real time, though sometimes only in a few hours," Elcomsoft CEO Vladimir Katalov told Forbes. The logs are said to include FaceTime calls as well, and in the case of iOS 10, missed calls from third-party apps like Skype and WhatsApp.

iPhone owners can stop the uploads by disabling iCloud Drive, Katalov noted, but this cuts off other iCloud-related features and can stop some apps from working.

The data could potentially be useful to government agencies with warrants or other legal access. Officially, though, Apple says the only iCloud data it can provide to agencies includes email logs and content, text messages, photos, documents, contacts, calendars, bookmarks, and iOS device backups.

Apple also says it doesn't hold onto FaceTime call data for more than 30 days, but Elcomsoft said it was able to extract call logs going back over four months. Presumably, deleting a call from an iPhone's logs would also delete that from the iCloud Drive backup.

Apple mentions call histories being included in iCloud backups as part of security whitepaper, but it's likely that most people haven't seen the document.

iOS forensics expert Jonathan Zdziarski suggested to Forbes that the tracking is likely just an oversight related to the handoffs needed for Apple's calling technology, which for instance allows people to seamlessly shift between devices.

"They need to be able to sync a lot of that call data," he said. "I suspect whatever software engineer wrote that part of it probably decided to just go and stick that data in your iCloud Drive because that's kind of what it's purpose is."

Apple could theoretically add end-to-end encryption to iCloud, but this might create even more conflict with U.S. spy and law enforcement agencies, which are already upset about their inability to break into iOS devices. The company stores the keys for iCloud accounts at its U.S. datacenters, allowing them to serve up (readable) data on demand.

Update: An Apple spokesman has provided a statement to AppleInsider:

"We offer call history syncing as a convenience to our customers so that they can return calls from any of their devices. Apple is deeply committed to safeguarding our customers' data. That's why we give our customers the ability to keep their data private. Device data is encrypted with a user's passcode, and access to iCloud data including backups requires the user's Apple ID and password. Apple recommends all customers select strong passwords and use two-factor authentication."

49 Comments

ericthehalfbee 13 Years · 4489 comments
About

Non-story by someone needing some free publicity for their company.

You know who else keeps a record of your calls? Your carrier. And you don't have any ability to opt-out of their tracking under any circumstances. And who knows how long they keep those records. I've looked at year-old detailed cell phone bills and seen all the numbers for incoming and outgoing calls.

Edited. Forgot one more thing. Carriers also track which cell towers your phone connects to.

avon b7 20 Years · 8046 comments
About

sog35 said:
good.

I'm sick and tired of Tim Cook's stance on privacy.

The hell with privacy. The truth is 99% of the population don't care about privacy. They just want a good product at a good price.

Its time for Apple to go head first into Advertising and Data collection ala Facebook/Google.

But one of Cook's pillars is privacy, so he would have egg whites all over his face.

That's why Cook needs to be replaced with a savy, practical, and ruthless CEO.  Cook is more fit to be a CEO of a non-profit or charity organization. His stance on privacy has literally costed Apple HUNDREDS of BILLIONS in profits.

Cook has all these pie in the sky ideals - privacy, diversity, gay rights, ect. Fine and dandy. But a CEO of the worlds most powerful company should not have its hands tied because of following those ideals. Cook should keep his personal values SEPERATE from the corporations values. All Apple should be about is providing the BEST PRODUCTS and SERVICES.......period.  If this means less diversity, less privacy, ect. so be it.

Personal and Corporate values may overlap. Privacy is a fundamental right. Protecting privacy isn't only a question of values but legislation. The problem is that legislation will always trail technological advances. Just look at the problem of drones and privacy. 

SpamSandwich 19 Years · 32917 comments
About

sog35 said:
ericthehalfbee said:
Non-story by someone needing some free publicity for their company.

You know who else keeps a record of your calls? Your carrier. And you don't have any ability to opt-out of their tracking under any circumstances. And who knows how long they keep those records. I've looked at year-old detailed cell phone bills and seen all the numbers for incoming and outgoing calls.

Edited. Forgot one more thing. Carriers also track which cell towers your phone connects to.
exactly.

This is also why its so silly that Tim Cook is so strongly pushing privacy. NO ONE CARES. NO ONE. 

90-95% of iOS users either use Facebook or Google services. So even if Apple keeps things 'private' it does not matter.

Cook needs to stop talking about privacy and get into the advertising/data collection game.  Not doing so, Cook is losing shareholders HUNDREDS OF BILLIONS.  Apple needs to collect data and advertise. Because Apple users have spoken loud and clear they DONT CARE ABOUT PRIVACY.

Please choose a different attack vector if this is going to be your latest OCD obsession. Privacy is the big differentiator between iOS and Android and that isn't going to change.

bobolicious 10 Years · 1177 comments
About

Even if the majority of individual users these post authors may be aware of may not care, there are legal jurisdictions (I am in one) that prohibit storing data beyond the immediate territorial/legal border, as it regards confidential and sensitive client data, and so in effect making iCloud illegal for use for such work... In terms of export sales with the new US governance next year could such policies become increasingly ubiquitous and restrictive? The only solutions I can think of for Apple is to either make sure one can properly turn such services off, or perhaps a macOS server version of iCloud, which could be run locally, with encryption that ensures routing (the internet routes far and wide) is secure... Given the privacy creep of all things iCloud into the OSs, I hope Apple comes up with an option that allows for legal use beyond the mindset of the US border...

eliangonzal 14 Years · 490 comments
About

sog35 said:

This is also why its so silly that Tim Cook is so strongly pushing privacy. NO ONE CARES. NO ONE. 
...
Because Apple users have spoken loud and clear they DONT CARE ABOUT PRIVACY.

Until they do. And therein is the rub.

Read More on our Forums ->
 

Sponsored Content

article thumbnail

How to stop spam calls and reclaim some sanity on your iPhone

Top Stories

article thumbnail

How Apple's smart home revolution begins in 2025

article thumbnail

AirPods Max four years later: a missed spatial computing opportunity

article thumbnail

Apple says EU interoperability laws pose severe privacy risks

article thumbnail

Don't believe what you see on TikTok - AirDrop doesn't allow thieves to steal your credit card info

article thumbnail

Holiday 2024 MacBook Buyer's Guide — Which Mac laptop you should buy?

article thumbnail

Holiday coupon: save up to $300 on every 14" & 16" MacBook Pro M4