Skip to main content

Apple appears to be storing a log of the numbers you enter into iMessages

apple ios developer academy logo
Image used with permission by copyright holder
Apple has said it doesn’t store the contents of messages sent via its iMessage texting service. Indeed, it contends that such record keeping would be useless since the contents of such messages are encrypted on the devices from which they’re sent — the iPhone maker said it can’t “scan … communications” or “comply with a wiretap order” even if it wanted to.

But those same protections, it turns out, don’t necessarily extend to SMS messages. According to The Intercept, receipts of SMS texts sent via the Messaging app on iOS are routinely copied to Apple’s servers.

This is the result of a worrisome — and perhaps inherent — quirk in the way iMessage differentiates between messages sent via SMS, a cellular carrier standard known as Short Messaging Service, and iMessage, Apple’s internet-based alternative. According to internal documents obtained by The Intercept from the Florida Department of Law Enforcement’s Electronic Surveillance Support Team, an agency that coordinates the state’s electronic policies, every text sent via the iOS Messaging app triggers a query of Apple’s servers.

The servers determine whether to route the text over a carrier’s SMS network or Apple’s platform — practically speaking, whether the message appears in a green bubble (SMS) or a blue bubble (an iMessage) — and record the results of the resulting transaction. A typical log includes the sender and recipient’s phone numbers, the date and time, and the IP address of the sending device, according to The Intercept.

It paints a stark picture. Additional material obtained by The Intercept suggests that Apple maintains a running log of phone numbers users have entered into the Messages app; that numbers entered into other iOS apps, like the Contacts app, may find their way into said logs; and that the company may collect new metadata as frequently as “[every time] you open a new chat window and select a contact or number with whom to communicate.”

Apple said that it stores the information, known as “metadata,” for a period of 30 days, but The Intercept notes that a court order could extend that retention period by an additional 30 days. The limit, then, is essentially an arbitrary one — there’s nothing preventing law enforcement from filing subsequent extensions, potentially prolonging storage for months on end. “A series of … log snapshots from Apple could be strung together by police to create a longer list of whose numbers someone has been entering.

Worse still, under laws governing the use of surveillance devices known as “pen register” and “trap and trace,” Apple is compelled to turn over data “relevant to an ongoing criminal investigation.”

“When law enforcement presents us with a valid subpoena or court order, we provide the requested information if it is in our possession,” an Apple spokesperson told The Intercept. “In some cases, we are able to provide data from server logs that are generated from customers accessing certain apps on their devices. We work closely with law enforcement to help them understand what we can provide and make clear these query logs don’t contain the contents of conversations or prove that any communication actually took place.”

For privacy-conscious  users, there is some light in the gloom. Apple’s records don’t appear to differentiate between iMessage conversations and numbers entered but never contacted — law enforcement would be unable to tell, for example, whether or not you contacted a known drug dealer or just dialed the number by mistake. But as The Intercept notes, a list of assumed associates can be at the very least sensitive, and at the very worst compromising.

And Apple’s iMessage metadata policies appear to conflict with the company’s messaging: that its users’ data remains private, secure, and for the most part tucked away from prying eyes. “Your iMessages and FaceTime calls are your business, not ours,” an FAQ response on the company’s website reads. “Because iMessage is encrypted end-to-end, we do not have access to the contents of those communications.”

It’s a reiteration of a statement made by the Cupertino, California-based company following revelations regarding the U.S. National Security Administration’s domestic surveillance efforts. After it was revealed that Apple was among the tech companies implicated in a program known as PRISM, which provided the agency nearly unfettered access to nine of the country’s leading internet companies, Apple reaffirmed its commitment to “customer privacy,” insisting that it “[could] not decrypt” iMessage … [data]” and that it “did not store data related to customers’ location … in any identifiable form.”

It’s hardly the first controversy over the degree to which messaging services disclose — or don’t disclose — information regarding communications. Just last week, privacy advocates, among them CIA and NSA whistleblower Edward Snowden, criticized search giant Google’s new messaging platform, Allo, for failing to encrypt messages by default and storing chat logs indefinitely. Facebook-owned texting platform WhatsApp has been repeatedly blocked in countries such as Brazil as a result of the service’s end-to-end encryption model. And a report in Motherboard revealed that the Royal Canadian Mounted Police, a branch of Canadian law enforcement, possessed the master encryption key necessary to decrypt over one million messages sent via BlackBerry’s BBM service between 2010 and 2012.

Apple has yet to respond more substantively to The Intercept’s accusations, but time will tell whether the company, which fiercely combated the FBI’s recent efforts to implement a backdoor in iOS, considers it a fight worth waging.

Kyle Wiggers
Former Digital Trends Contributor
Kyle Wiggers is a writer, Web designer, and podcaster with an acute interest in all things tech. When not reviewing gadgets…
Android phones are about to get a major iMessage feature
Google Messages app on a Pixel 8 Pro, showing an RCS Chat message thread.

Being able to edit sent messages is a popular feature on messaging apps like iMessage and WhatsApp. However, it has yet to arrive to the masses via the Google Messages app on Android phones. Thankfully, that could change very soon.

On X (formerly Twitter), Jhow_kira has shared two screenshots demonstrating how the Google Messages editing feature will work in an upcoming software version. Some Android users, including the X poster, are currently testing this new feature.

Read more
Apple’s new iPad Pro keyboard is a bigger deal than you think
iPad Pro with Magic Keyboard.

A fresh crop of iPads is here, and this time around, Apple pulled out all the stops. The new models feature an OLED display, new Pro apps, the thinnest chassis ever, and a next-gen M-processor that has yet to appear elsewhere save for the new iPad Pros. Starting at $999, Apple is charging quite some premium for its new slates. But what truly stood out to me was the new Magic Keyboard — and for multiple reasons.

This one has a full row of function keys and a dedicated escape button. For a device that wants to compete with a laptop, the lack of an escape key was quite a bummer, as was the lack of quick-control function keys. Heck, the Magic Keyboard for the base iPad got that perk, so it was an overdue tweak for the flagship iPadss.

Read more
The Apple Watch is the best iPhone camera accessory you didn’t know you needed
A person wearing an Apple Watch Series 9, made for the OuttaFocus column.

Photo taken with an iPhone 15 Pro Max controlled using an Apple Watch Series 9. Andy Boxall / Digital Trends

Smartwatches and cameras rarely go together very well. We’ve seen smart wristwear with cameras fitted in the past, but the combination wasn’t very successful, and few manufacturers even bother today.

Read more