Elcomsoft, a Russian company responsible for producing and selling tools to governments and large companies for cracking iPhones, has dropped a privacy bombshell on Apple with claims that the Cupertino-based company’s iPhone sends near real-time call logs back to Apple iCloud servers from a user’s device.
Anyone who has used multiple iOS devices will know that call logs, as well as other information, is generally available across all devices using the same Apple ID via iCloud, but the company has also stipulated that the data is still transferred even when iCloud backup is turned off, and is held by Apple for up to four months.
Vladimir Katalov, the current CEO of Elcomsoft, has added additional fuel to fire by also confirming that the introduction of iOS 10 has expanded that logging by including additional information, as well as information pulled from other apps, such as WhatsApp and Skype, however this is likely due to CallKit API in iOS 10:
All FaceTime calls are logged in the iCloud too, whilst as of iOS 10 incoming missed calls from apps like WhatsApp and Skype are uploaded. Syncing call logs happens almost in real time, though sometimes only in a few hours. But all you need to have is just iCloud Drive enabled, and there is no way to turn that syncing off, apart from just disabling iCloud Drive completely. In that case many applications will stop working or lose iCloud-related features completely.
This discovery was always going to be a hot debate topic, especially given how public and vocal Apple is about protecting customer’s privacy and data. However, one of the biggest names in iOS forensics, Jonathan Zdziarski, has used an interview with Forbes to make public his belief that this is more likely to be an engineering oversight on Apple’s part rather than a physical and deliberate attempt to keep consumers in the dark about the information that it collects.
We’re used to seeing people actively question the activity of companies like Apple, but rarely are we used to seeing replies from the company almost immediately. In this instance, Apple has immediately issued a statement as a direct response to the claims:
We offer call history syncing as a convenience to our customers so that they can return calls from any of their devices. Apple is deeply committed to safeguarding our customers’ data. That’s why we give our customers the ability to keep their data private. Device data is encrypted with a user’s passcode, and access to iCloud data including backups requires the user’s Apple ID and password. Apple recommends all customers select strong passwords and use two-factor authentication.
Apparently, turning off iCloud Drive stops sending logs to Apple’s servers.
You may also like to check out:
- iOS 10.2 Makes Encrypted iTunes Backups Safe Again
- Jailbreak iOS 10 / 10.1.1 / 10.0.2 / 10.2 For iPhone, iPad, iPod touch [Latest Status Update]
- Download iOS 10, 10.1.1, 10.2, 10.0.2 Links & Install On iPhone 7, 6s, 6, Plus, SE, 5s, 5c, 5, iPad, iPod [Tutorial]