A Russian company has warned today that Apple has a secret feature in iPhones where the company sends near real-time call logs to Apple servers even when iCloud backup is switched off. These call logs are stored for up to four months, without user consent.
Apple automatically uploads iPhone call history to iCloud
Elcomsoft, a Russian company, famous for selling iPhone cracking tools to governments and corporations told Forbes that the feature is automatic without any ability for iPhone users to turn if off, except for completely shutting down the iCloud Drive. It is a known fact that iCloud backups store call logs, among other personal data. But, Elcomsoft CEO Vladimir Katalov says even if those backups are disabled, the call logs continue to make their way to the iCloud.
Syncing call logs happens almost in real time, though sometimes only in a few hours. But all you need to have is just iCloud Drive enabled, and there is no way to turn that syncing off, apart from just disabling iCloud Drive completely. In that case many applications will stop working or lose iCloud-related features completely.
All FaceTime calls are logged in the iCloud too, whilst as of iOS 10 incoming missed calls from apps like WhatsApp and Skype are uploaded.
The company believes that automated iCloud storage of call logs would be beneficial for law enforcement. Apple currently allows LEAs access to iCloud backup data with a court order. But the Cupertino tech giant has failed to inform its users that it stores real-time call logs even when backups are disabled. Katalov also challenged Apple’s statement on its website that it only stores FaceTime call logs for 30 days.
“Synced data contains full information including call duration and both parties. We were able to extract information going back more than four months,” Elcomsoft said in a statement.
When talking to Forbes, the tech company said syncing does exist. However, it didn’t comment or clarify the specific claims made by Elcomsoft. Here’s what Apple’s statement said:
We offer call history syncing as a convenience to our customers so that they can return calls from any of their devices. Apple is deeply committed to safeguarding our customers’ data. That’s why we give our customers the ability to keep their data private. Device data is encrypted with a user’s passcode, and access to iCloud data including backups requires the user’s Apple ID and password. Apple recommends all customers select strong passwords and use two-factor authentication.
Last month, Elcomsoft also revealed that Apple failed to secure its iTunes backups, making it easier for criminals to access user information. As a result, Apple sent an update to iOS 10 to improve backup security. If it’s another oversight by Apple rather than an intentional attempt to obfuscate information that the company holds, then we might see the company sending a software update to fix the security loophole.