Apple takes privacy very seriously — much more seriously than most of its rivals — but it seems it’s not quite as innocent as it makes out. A Russian security firm has discovered that the company is pulling call history from every iPhone that has iCloud enabled.
Elcomsoft found that Apple uploads call history without giving users a choice or even making them aware of the process. The history contains a list of calls made, complete with dates, times, durations, and phone numbers.
It even includes missed and bypassed calls, FaceTime logs, and records from apps that can integrate into call history in iOS 10, such as Facebook, WhatsApp, and Viber. Elcomsoft believes Apple has been fetching call data since the release of iOS 8.2 in March 2015.
That data is then stored for four months, according to Elcomsoft, and could be available to law enforcement agencies that are unable to obtain such records from a carrier, or from a user’s device when it is protected with a passcode.
“Absolutely this is an advantage [for law enforcement],” Robert Osgood, a former FBI supervisory agent who now directs a graduate program in computer forensics at George Mason University, told The Intercept.
“Four months is a long time [to retain call logs]. It’s generally 30 or 60 days for telecom providers, because they don’t want to keep more [records] than they absolutely have to. So if Apple is holding data for four months, that could be a very interesting data repository and they may have data that the telecom provider might not.”
Elcomsoft is now releasing a tool called Phone Breaker that allows these call histories to be extracted from iCloud. The company’s forensic tools, like this one, are used by law enforcement, corporate security departments, and even consumers, and account credentials aren’t always needed.
“Apple’s collection of call logs potentially puts sensitive information at the disposal of people other than law enforcement and other Elcomsoft customers,” warns The Intercept. “Anyone else who might be able to obtain the user’s iCloud credentials, like hackers, could potentially get at it too.”
Apple has confirmed that it fetches call history, and insists that it does so for the convenience of its users; it allows us to return calls from any of our iOS devices. However, Apple adds that the data is protected by your passcode and iCloud login information.
Chris Soghoian, chief technologist for the American Civil Liberties Union, says that this isn’t even the worst thing about iCloud, which also backs up all our iMessages, which are otherwise end-to-end encrypted.
“iCloud really is the Achilles heel of the privacy of the iPhone platform,” he said. “The two biggest privacy problems associated with iCloud don’t have check boxes [for users to opt out], nor do they require that you opt in either.”
The only way to prevent this, then, is to avoid using iCloud altogether. But this is becoming increasingly difficult as more and more third-party apps and games rely on iCloud to sync data. Without it, there’s a negative impact on user experience.
Of course, users can disable certain things, like backing up notes, contacts, calendars, and web history. However, there is no way to disable call history syncing. The good news is, any calls you delete on your iOS device are also deleted from the iCloud backup.
Elcomsoft wants Apple to make call history syncing optional, so that users have the option to disable it. If enough users are upset by Elcomsoft’s findings, that could well be a change Apple makes to iCloud in the future. For now, however, there’s little you can do.
[via The Intercept]