New in OS X: Get MacRumors Push Notifications on your Mac

Resubscribe Now Close

Apple Tracks Who You Contact on Messages, Stores Logs for 30 Days

Wednesday September 28, 2016 12:00 pm PDT by Juli Clover
Conversations in the Messages app feature end-to-end encryption that makes the content of the messages impossible to decipher, but according to documentation found by The Intercept, Apple tracks who its customers send iMessages to and is able to hand that information over to law enforcement when compelled to do so through a court order.

When a text message is sent to someone, the Messages app pings Apple's servers to see if the person has an iPhone or iPad in an effort to determine whether to send a message via iMessage or SMS. Each ping records date, time, number, and IP address, all of which is kept in a log that Apple says it stores for 30 days
Apple confirmed to The Intercept that it only retains these logs for a period of 30 days, though court orders of this kind can typically be extended in additional 30-day periods, meaning a series of monthlong log snapshots from Apple could be strung together by police to create a longer list of whose numbers someone has been entering.
The data on how Messages works was reportedly obtained by The Intercept from a document entitled "iMessage FAQ for Law Enforcement" that was given to the Florida Department of Law Enforcement's Electronic Surveillance Support Team. While labled "Law Enforcement Sources" and "For Official Use Only," it is not clear who wrote it.

applelawenforcementdocumentation
Click to enlarge. Image via The Intercept

As The Intercept points out, the documentation suggests that each number entered into the Messages app is transmitted to Apple when a new chat is opened, even if a conversation does not end up taking place. An Apple spokesperson said that the logging information in the iMessage FAQ is "generally accurate" but did not give additional data to make it clearer exactly when the Messages app pings Apple's servers. Apple did, however, give the following statement:
When law enforcement presents us with a valid subpoena or court order, we provide the requested information if it is in our possession. Because iMessage is encrypted end-to-end, we do not have access to the contents of those communications. In some cases, we are able to provide data from server logs that are generated from customers accessing certain apps on their devices. We work closely with law enforcement to help them understand what we can provide and make clear these query logs don't contain the contents of conversations or prove that any communication actually took place.
Apple takes a strong stance on privacy and promises to keep customer data private with tools like end-to-end encryption for the Messages app, but it has always maintained that there is some information that it is able to provide to law enforcement officials when compelled to do so.

Apple's website features a privacy section that details the information it collects and the types of data that it provides for government requests, including a full rundown of what's available to law enforcement [PDF]. Apple's documentation does not appear to mention Messages specifically, but it does specify that iCloud connection logs are retained for 30 days and that FaceTime calls logs are also maintained.

Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.

Tags: iMessage, privacy
[ 148 comments ]


Top Rated Comments

(View all)

Avatar
Deelron
38 months ago
This seems like a non-story, wouldn't basically any service of this type have to keep this sort of data for a brief period of time?
Rating: 26 Votes
Avatar
Kaibelf
38 months ago
No issue here. Sometimes people send a text and the message has to sit there until the recipient's phone is on as well. Either way, the content is secure and that's what we all care about. The rest is the equivalent of the list of who you called that's on any phone bill.
Rating: 18 Votes
Avatar
venom600
38 months ago
Does this surprise anyone? Even the messages are held for up to two weeks if they can't be delivered. It seems like a non story. If you don't want records kept, use Signal.
Rating: 14 Votes
Avatar
keysofanxiety
38 months ago

It's not a major issue, but it also flies in the face of Apple's privacy philosophy


No, it doesn't. Apple are completely upfront with their privacy policy.

We're talking about a messaging app, synced across Mac/iOS devices, capable of sending SMS and iMessage, with the entire conversation history available until you delete it. Pinging a device and Apple's servers, to figure out what a device is and how to talk to it, just comes with the territory of this technology.

And again, Apple can't see any of the content from the messages, nor do they store it or even have the facility to decrypt it. Complete non-issue.
Rating: 13 Votes
Avatar
macs4nw
38 months ago
No issue here either but still good to know. Also smart to occasionally remind oneself that no matter numerous claims to the contrary, no single internet communication is 100% secure.
Rating: 7 Votes
Avatar
oneMadRssn
38 months ago
I'm having a hard time seeing how this is more than what is already available to law enforcement though the telcos.
Rating: 6 Votes
Avatar
AustinIllini
38 months ago
It's not a major issue, but it also flies in the face of Apple's privacy philosophy
Rating: 6 Votes
Avatar
bradl
38 months ago
No better than Google, nor any other phone company to begin with.

Again, since your data is going through a third party, they are not protected by the 4th Amendment when it comes to needing a warrant for search. All that is needed is a subpoena by a clerk of the court (and by default, any lawyer is a clerk of the court).

All of this was mentioned in the following thread, 3 years ago.

https://forums.macrumors.com/threads/your-personal-data-versus-the-4th-amendment.1649516/

This isn't Apple's fault. This isn't Google's fault. This isn't any Telco's fault. The fault of this lies in how the 4th Amendment is applied, and that it does not cover 3rd parties in charge of handling your data.

BL.
Rating: 6 Votes
Avatar
nikhsub1
38 months ago

...but it also flies in the face of Apple's privacy philosophy

I think perhaps you don't understand the article.
Rating: 5 Votes
Avatar
69Mustang
38 months ago

It's not a major issue, but it also flies in the face of Apple's privacy philosophy

I swear I'm not picking on you. I swear. Your post highlights an issue I've had with people when discussing the difference between Apple's actual privacy policy and their marketed privacy philosophy. They are not the same thing and shouldn't be confused with one another. Anyone trying to conflate the two only has themselves to blame. Apple's privacy policy has been available to anyone to read, well, since forever. Apple is pretty darn honest about what they do and don't do.

Their privacy policy should be required reading for anyone discussing what they think Apple's stance is on privacy.

Again, not picking on you. Just using your comment as the vehicle to drive my point.
Rating: 5 Votes

[ Read All Comments ]