Apple Tracks Who You Contact on Messages, Stores Logs for 30 Days

Conversations in the Messages app feature end-to-end encryption that makes the content of the messages impossible to decipher, but according to documentation found by The Intercept, Apple tracks who its customers send iMessages to and is able to hand that information over to law enforcement when compelled to do so through a court order.

When a text message is sent to someone, the Messages app pings Apple's servers to see if the person has an iPhone or iPad in an effort to determine whether to send a message via iMessage or SMS. Each ping records date, time, number, and IP address, all of which is kept in a log that Apple says it stores for 30 days

Apple confirmed to The Intercept that it only retains these logs for a period of 30 days, though court orders of this kind can typically be extended in additional 30-day periods, meaning a series of monthlong log snapshots from Apple could be strung together by police to create a longer list of whose numbers someone has been entering.

The data on how Messages works was reportedly obtained by The Intercept from a document entitled "iMessage FAQ for Law Enforcement" that was given to the Florida Department of Law Enforcement's Electronic Surveillance Support Team. While labled "Law Enforcement Sources" and "For Official Use Only," it is not clear who wrote it.

applelawenforcementdocumentation

Click to enlarge. Image via The Intercept

As The Intercept points out, the documentation suggests that each number entered into the Messages app is transmitted to Apple when a new chat is opened, even if a conversation does not end up taking place. An Apple spokesperson said that the logging information in the iMessage FAQ is "generally accurate" but did not give additional data to make it clearer exactly when the Messages app pings Apple's servers. Apple did, however, give the following statement:

When law enforcement presents us with a valid subpoena or court order, we provide the requested information if it is in our possession. Because iMessage is encrypted end-to-end, we do not have access to the contents of those communications. In some cases, we are able to provide data from server logs that are generated from customers accessing certain apps on their devices. We work closely with law enforcement to help them understand what we can provide and make clear these query logs don't contain the contents of conversations or prove that any communication actually took place.

Apple takes a strong stance on privacy and promises to keep customer data private with tools like end-to-end encryption for the Messages app, but it has always maintained that there is some information that it is able to provide to law enforcement officials when compelled to do so.

Apple's website features a privacy section that details the information it collects and the types of data that it provides for government requests, including a full rundown of what's available to law enforcement [PDF]. Apple's documentation does not appear to mention Messages specifically, but it does specify that iCloud connection logs are retained for 30 days and that FaceTime calls logs are also maintained.

Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.

Top Rated Comments

Deelron Avatar
87 months ago
This seems like a non-story, wouldn't basically any service of this type have to keep this sort of data for a brief period of time?
Score: 26 Votes (Like | Disagree)
Kaibelf Avatar
87 months ago
No issue here. Sometimes people send a text and the message has to sit there until the recipient's phone is on as well. Either way, the content is secure and that's what we all care about. The rest is the equivalent of the list of who you called that's on any phone bill.
Score: 18 Votes (Like | Disagree)
venom600 Avatar
87 months ago
Does this surprise anyone? Even the messages are held for up to two weeks if they can't be delivered. It seems like a non story. If you don't want records kept, use Signal.
Score: 14 Votes (Like | Disagree)
keysofanxiety Avatar
87 months ago
It's not a major issue, but it also flies in the face of Apple's privacy philosophy
No, it doesn't. Apple are completely upfront with their privacy policy.

We're talking about a messaging app, synced across Mac/iOS devices, capable of sending SMS and iMessage, with the entire conversation history available until you delete it. Pinging a device and Apple's servers, to figure out what a device is and how to talk to it, just comes with the territory of this technology.

And again, Apple can't see any of the content from the messages, nor do they store it or even have the facility to decrypt it. Complete non-issue.
Score: 13 Votes (Like | Disagree)
macs4nw Avatar
87 months ago
No issue here either but still good to know. Also smart to occasionally remind oneself that no matter numerous claims to the contrary, no single internet communication is 100% secure.
Score: 7 Votes (Like | Disagree)
oneMadRssn Avatar
87 months ago
I'm having a hard time seeing how this is more than what is already available to law enforcement though the telcos.
Score: 6 Votes (Like | Disagree)

Popular Stories

google drive for desktop1

Google to Roll Out New 'Drive for Desktop' App in the Coming Weeks, Replacing Backup & Sync and Drive File Stream Clients

Tuesday July 13, 2021 1:18 am PDT by
Earlier this year, Google announced that it planned to unify its Drive File Stream and Backup and Sync apps into a single Google Drive for desktop app. The company now says the new sync client will roll out "in the coming weeks" and has released additional information about what users can expect from the transition. To recap, there are currently two desktop sync solutions for using Google...