Russian digital forensics firm Elcomsoft has found that Apple’s mobile devices automatically send a user’s call history to the company’s servers if iCloud is enabled — but the data gets uploaded in many instances without user choice or notification.“You only need to have iCloud itself enabled” for the data to be sent, said Vladimir Katalov, CEO of Elcomsoft.
The logs surreptitiously uploaded to Apple contain a list of all calls made and received on an iOS device, complete with phone numbers, dates and times, and duration. They also include missed and bypassed calls. Elcomsoft said Apple retains the data in a user’s iCloud account for up to four months, providing a boon to law enforcement who may not be able to obtain the data either from the user’s phone, if it’s encrypted with an unbreakable passcode, or from the carrier. Although large carriers in the U.S. retain call logs for a year or more, this may not be the case with carrier outside the US.
It’s not just regular call logs that get sent to Apple’s servers. FaceTime, which is used to make audio and video calls on iOS devices, also syncs call history to iCloud automatically, according to Elcomsoft. The company believes syncing of both regular calls and FaceTime call logs goes back to at least iOS 8.2, which Apple released in March 2015.
And beginning with Apple’s latest operating system, iOS 10, incoming missed calls that are made through third-party VoIP applications like Skype, WhatsApp, and Viber, and that use Apple CallKit to make the calls, also get logged to the cloud, Katalov said.
Because Apple possesses the keys to unlock iCloud accounts, U.S. law enforcement agencies can obtain direct access to the logs with a court order. But they still need a tool to extract and parse it
Generally, if someone were to attempt to download data in an iCloud account, the system would email a notification to the account owner. But Katalov said no notification occurs when someone downloads synced call logs from iCloud.
iCloud is Apple’s cloud service that allows users to sync data across multiple Apple devices, including iPhones, iPads, iPods, and Macs. The iPhone menu corresponding to the service gives users the option of syncing mail, contacts, calendars, reminders, browser history, and notes and wallet data. But even though call logs are automatically getting synced as well, the menu does not list them among the items users can choose to sync. Because there’s no way to opt in to sync call logs, there is also no way to opt out — other than turning off iCloud completely, but this can cause other issues, like preventing apps from storing documents and data (such as WhatsApp backups) in the cloud.
“You can only disable uploading/syncing notes, contacts, calendars, and web history, but the calls are always there,” Katalov said. One way call logs will disappear from the cloud is if a user deletes a particular call record from the log on their device; then it will also get deleted from their iCloud account during the next automatic synchronization.
Katalov said they’re still researching the issue but it appears that in some cases the call logs sync almost instantly to iCloud, while other times it happens only after a few hours.