In the fight against encryption, Apple has positioned itself as a staunch defender of its user privacy by refusing the federal officials to provide encryption backdoors into its products, as well as implementing better encryption for its products.
However, a new report from a security firm suggests Apple’s online syncing service iCloud secretly stores logs of its users’ private information for as long as four months — even when iCloud backup is switched off.
Russian digital forensics firm Elcomsoft discovered that Apple’s mobile devices automatically send its users’ call history to the company’s servers if iCloud is enabled, and stored that data for up to four months.
And it turns out that there is no way for iCloud users to stop this phone call syncing service unless they completely disable the cloud synchronization feature.
Elcomsoft, which sells software to extract data from Apple’s iCloud backups and works with police and intelligence agencies, says the company should tell its customers exactly what personal data it is backing up—and should give users an easy option to turn it off.
Why does this Matter?
If you own an iPhone or iPad, your device automatically collects and transmits private information — including call history, phone numbers, dates, the length of calls, missed calls, FaceTime calls — to iCloud if it is enabled.
Not just this, your iPhone also send information collected from other third-party applications that use VoIP service, including WhatsApp, Skype, Viber, and Facebook Messenger.
“We discovered that yet another piece of data is stored in the cloud for no apparent reason,” Elcomsoft’s Oleg Afonin writes. “Using an iPhone and have an active iCloud account? Your calls will sync with iCloud whether you want it or not.”
Apple stores this information for as long as 4 months, and while the company encrypts everything, Privacy buffs note that Apple could become an easy target for law enforcement seeking access to user data.
The security firm also raised doubts over possible government surveillance that could be performed.
What’s more? Elcomsoft says that the logs are uploaded from any iPhone which has iCloud Drive enabled and that this effectively allows spying on you “without you even knowing.”
“Syncing call logs happens almost in real time, though sometimes only in a few hours,” says Elcomsoft CEO Vladimir Katalov. “But all you need to have is just iCloud Drive enabled, and there is no way to turn that syncing off, apart from just disabling iCloud Drive completely. In that case, many applications will stop working or lose iCloud-related features completely.”
Apple: No Need to Worry
However, Apple says there is no reason to worry.
Yes, the company says there is nothing wrong with its feature, as it is simply part of its iCloud service that allows its users to access their calls from any of their devices that use an Apple ID.
Moreover, Apple guarantees that all of its customers’ data is encrypted and two-factor authentication provides an extra layer of security for blocking any hacking attempts from hackers or law enforcement.
Here’s what the company said in the statement:
“We offer call history syncing as a convenience to our customers so that they can return calls from any of their devices. Apple is deeply committed to safeguarding our customers’ data. That is why we give our customers the ability to keep their data private. Device data is encrypted with a user’s passcode, and access to iCloud data including backups requires the user’s Apple ID and password. Apple recommends all customers select strong passwords and use two-factor authentication.”
So, as long as you keep your Apple ID to yourself and use a strong password, you do not need to freak out over this report of your call logs being “secretly” sent to Apple.
Disable iCloud Drive to Prevent Apple from Logging Your calls
The solution? At the time, the only way to prevent Apple from logging your call history is to simply disable iCloud Drive altogether.
Besides this, you can also manually delete every call entry from your iPhone or iPad, and this will automatically remove the data from iCloud on the next backup.
Apple is not the only company that syncs its users’ call logs to the cloud. Android smartphones also sync its users’ call logs to the cloud as part of backups. Windows 10 mobile devices also sync call logs by default with other Windows 10 devices that use the same Microsoft account.