Apple has access of iPhone owners’ call logs for up to four months through the iCloud syncing service, Russian digital forensics firm Elcomsoft told The Intercept.
Although Apple fought for user privacy earlier this year against the FBI when the agency asked the company to unlock the phone of one of the San Bernardino shooter, private information is still in jeopardy.
Elcomsoft found that Apple’s mobile devices automatically sends a user’s call log to the company’s servers if iCloud is turned on.
The call records allegedly get uploaded without a phone user’s choice or notification. The call history uploaded to Apple includes all incoming, outgoing, missed and bypassed calls made on an iOS device, along with phone numbers, dates and duration. FaceTime calls are also sent to Apple, Elcomsoft says.
The information uploaded by iCloud could be a benefit to law enforcement, since they may not be able to get their hands on data from a user’s carrier or from a person’s device if it is encrypted with a tough passcode. Also, phone providers generally keep call records for 30 or 60 days, while Apple keeps them for 4 months.
However, law enforcement might not be the only people who could gain access to this information. Hackers might also obtain the data sent to Apple from users’ devices by getting iCloud credentials
Regular calls and FaceTime call logs could be getting sent over to Apple since March 2015, when iOS 8.2. Apple’s most recent system, iOS 10, could be sending over incoming missed calls that are made through apps like Skype, WhatsApp and Viber, and those that are made through Apple CallKit, according to Elcomsoft.
iCloud allows users to sync their data across Apple devices including iPhones, iPads and Macs. When iCloud is enabled on the phone, users can choose what they want synced, like contacts, calendars, mail, reminders, browser history, notes and wallet data. However, there is not an option for regular and Facetime calls, so the only way a person can protect that data is not enabling iCloud all together.
Apple says the syncing of call records is intentional.
“We offer call history syncing as a convenience to our customers so that they can return calls from any of their devices,” an Apple spokesperson told The Intercept.
”Device data is encrypted with a user’s passcode, and access to iCloud data including backups requires the user’s Apple ID and password. Apple recommends all customers select strong passwords and use two-factor authentication,” Apple said.
Apple devices are not the only ones syncing call logs. Android phones and Windows 10 mobile devices that use the same Microsoft Account also sync information. For Androids, syncing of call records only happens with Android 6.x and newer versions, according to Vladimir Katalov, CEO of Elcomsoft.