Home
Mobiles
Mobiles News
Apple Accused of Storing Call Logs on iCloud Servers Without an Easy Opt Out

Apple Accused of Storing Call Logs on iCloud Servers Without an Easy Opt-Out 4l5348

By Rohan Naravane | Updated: 18 November 2016 16:31 IST

Highlights

Apple backs up call logs to sync them across your multiple devices
Call logs are also saved as part of iCloud backups
That's how you see your call history when you move to a new iPhone

ment

Apple has long been a champion of privacy, with the famous San Bernadino battle with the FBI a frequently cited example of the company protecting its s' rights. However, the company hasn't always been forthright when it comes to communicating what it stores and shares. 5354

A little over a month ago, it was revealed that Apple may be sharing iMessage logs with authorities when requested. Now, the California-based tech giant is being accused of storing call logs on its servers without a loud-and-clear intimation to its s. The Intercept reports of Russian digital forensics firm Elcomsoft, which says that starting with iOS 9, Apple backs up the ’s call history if iCloud - the service that syncs information like s, reminders, photos etc across Apple devices - is enabled. The logs ed include phone numbers, date, time, and duration.

It’s no secret that Apple would backup call logs, so that s get consistent information across all of their Apple devices ed with the same Apple ID. In fact, when you restore a device from an iCloud backup, the call history is also restored, so it should be obvious to everyone that the call logs are being sent to the cloud for backup.

Soon after the story broke, an official Apple spokesperson told Intercept, “We offer call history syncing as a convenience to our customers so that they can return calls from any of their devices. Device data is encrypted with a ’s code, and access to iCloud data including backups requires the ’s Apple ID and . Apple recommends all customers select strong s and use two-factor authentication”.

The service is under fire for not being forthcoming to the that such information is being synced. “You only need to have iCloud itself enabled”, says Vladimir Katalov, CEO of Elcomsoft. While you have granular controls to disable syncing of s, reminders, notes, calendars, safari browsing data etc, there’s no switch to enable or disable the logging of calls. Also, since iOS 10, calls made from third-party VoIP services like WhatsApp, Facebook Messenger, or Skype are also integrated into the call history. These details too, are subject to backup, as are FaceTime calls.

Jonathan Zdziarski is an iOS forensics expert and security researcher, who suggests that since Apple holds the encryption keys to iCloud data on servers, it can access your call logs and other information any time it wants, or any time the authorities want.

According to the report, other mobile operating systems like Windows 10 mobile also sync call logs. It adds, "As with Apple devices, the only way for a to disable the call history syncing is to disable syncing completely."

Which, as it turns out, isn't exactly true, as Rene Ritchie of iMore points out that disabling iCloud Drive also disables call history sync. Now that's far from ideal, and you'd ideally want more gradual control over this, but it's a solution. Katalov is of the opinion that Apple should provide a switch “to disable call log syncing, like they do for other things,” which sounds like a fair requirement.

Apple is reportedly also not very clear about how long it stores call log backups. A document that details Apple's processes for handling law enforcement requests mentions that it stores call histories associated with FaceTime for up to 30 days, but Katalov insists this is not true - FaceTime call logs are stored for as long as four months, he says.

While not much can be done about what Apple shares with law enforcement authorities when it's forced to do so, another bone of contention is how hackers can access the data if they get a hold of the holder's credentials, like Apple ID. Elcomsoft itself provides a Phone Breaker tool that can allow access to iCloud backups even without the credentials, as long as an authentication token for the can be obtained. The tool has now been updated to extract call histories using credentials or authentication tokens. It gets worse though, as s won't even be notified if call histories are extracted.

"Generally, if someone were to attempt to data in an iCloud , the system would email a notification to the owner. But Katalov said no notification occurs when someone s synced call logs from iCloud," the report adds.

iCloud on many occasions has become the weakest link in Apple’s privacy-first approach. In the Intercept report, Chris Soghoian, chief technologist for the American Civil Liberties Union, adds that call log backups “are not even the worst thing about iCloud”. The fact that iMessage conversations are backed up on Apple servers, the encryption keys which again, the company holds, is far worse according to him.

Comments

For the latest reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.