The iPhone is known around the world for its security, and Apple has become somewhat of a champion of user privacy. Turns out, however, the device may not be as privacy aware as previously thought.
According to Russian digital forensics firm Elcomsoft, the iPhone is sending near real-time call logs to Apple’s servers whether iCloud backup is switched on or off. Not only that, but those call logs are stored for up to four months. It’s not just traditional call logs either — Elcomsoft CEO Vladimir Katalov says that logs from FaceTime are also being stored.
“Syncing call logs happens almost in real time, though sometimes only in a few hours,” said Katalov in an interview with Forbes. “But all you need to have is just iCloud Drive enabled, and there is no way to turn that syncing off, apart from just disabling iCloud Drive completely. In that case, many applications will stop working or lose iCloud-related features completely.”
While it would be easy to start pointing fingers, there’s a chance that it was simply an oversight by Apple. That’s what iOS forensics expert Jonathan Zdziarski told Forbes, saying it was more likely than not due to an engineering issue that had something to do with how Apple handles handoffs of calls between the iPhone and a desktop computer.
Apple has indicated in the past that it plans on implementing full end-to-end encryption for iCloud backups. Currently, backups are encrypted, but Apple is able to access them — with end-to-end encryption, not even Apple would have access to personal data. That would also prevent law enforcement from being able to order Apple to hand over data. Apple is very open about the fact that it currently allows law enforcement to access iCloud backups if they have a court order.
