Night mode is an automatic setting which takes advantage of the new wide-angle camera that's in the iPhone 11 and 11 Pro models. It's equipped with a larger sensor that is able to let in more light, allowing for brighter photos when the light is low.
macOS Catalina Now Available
Apple Says it Syncs Call Logs on iCloud As a 'Convenience to Customers' Amid Security Concerns
Earlier today, reports surfaced on The Intercept and Forbes claiming Apple "secretly" syncs Phone and FaceTime call history logs on iCloud, complete with phone numbers, dates and times, and duration. The info comes from Russian software firm Elcomsoft, which said the call history logs are stored for up to four months.
Likewise, on iOS 10, Elcomsoft said incoming missed calls that are made through third-party VoIP apps using Apple's CallKit framework, such as Skype, WhatsApp, and Viber, also get synced to iCloud. The call logs have been collected since at least iOS 8.2, released in March 2015, so long as a user has iCloud enabled.
Elcomsoft said the call logs are automatically synced, even if backups are turned off, with no way to opt out beyond disabling iCloud entirely.
In some cases, hackers could access an iCloud account even without account credentials, such as by using Elcomsoft's Phone Breaker software. The tool is being updated today with the ability to extract call histories from iCloud with only an authentication token for an account from the accountholder's computer.
However, the entire narrative is largely overblown. In a 63-page white paper about iOS security, Apple clearly defines which information it collects for iCloud backups, emphasis our own. Likewise, in its Legal Process Guidelines, Apple notes FaceTime call invitation logs can be stored for up to 30 days.
Nevertheless, Zdziarski emphasized the need for Apple to be clear to users about the data being collected and stored on iCloud. As noted by The Intercept, Apple does not indicate call logs are synced even with iCloud Backup disabled, while FaceTime call logs appear to be stored longer than Apple's claim of up to 30 days.
iCloud users concerned about their accounts being compromised should set a strong password and enable two-step verification.
Likewise, on iOS 10, Elcomsoft said incoming missed calls that are made through third-party VoIP apps using Apple's CallKit framework, such as Skype, WhatsApp, and Viber, also get synced to iCloud. The call logs have been collected since at least iOS 8.2, released in March 2015, so long as a user has iCloud enabled.
Elcomsoft said the call logs are automatically synced, even if backups are turned off, with no way to opt out beyond disabling iCloud entirely.
“You can only disable uploading/syncing notes, contacts, calendars and web history, but the calls are always there,” said Vladimir Katalov, CEO of Elcomsoft. "One way call logs will disappear from the cloud, is if a user deletes a particular call record from the log on their device; then it will also get deleted from their iCloud account during the next automatic synchronization.Given that Apple possesses the encryption keys to unlock an iCloud account for now, U.S. law enforcement agencies can obtain direct access to the logs with a court order. Worse, The Intercept claims the information could be exposed to hackers and anyone else who might be able to obtain a user's iCloud credentials.
In some cases, hackers could access an iCloud account even without account credentials, such as by using Elcomsoft's Phone Breaker software. The tool is being updated today with the ability to extract call histories from iCloud with only an authentication token for an account from the accountholder's computer.
However, the entire narrative is largely overblown. In a 63-page white paper about iOS security, Apple clearly defines which information it collects for iCloud backups, emphasis our own. Likewise, in its Legal Process Guidelines, Apple notes FaceTime call invitation logs can be stored for up to 30 days.
Here’s what iCloud backs up:Further, in a statement today, Apple said the call history syncing is intentional.
• Information about purchased music, movies, TV shows, apps, and books, but not
the purchased content itself
• Photos and videos in Camera Roll
• Contacts, calendar events, reminders, and notes
• Device settings
• App data
• PDFs and books added to iBooks but not purchased
• Call history
• Home screen and app organization
• iMessage, text (SMS), and MMS messages
• Ringtones
• HomeKit data
• HealthKit data
• Visual Voicemail
“We offer call history syncing as a convenience to our customers so that they can return calls from any of their devices,” an Apple spokesperson said in an email. "Device data is encrypted with a user’s passcode, and access to iCloud data including backups requires the user’s Apple ID and password. Apple recommends all customers select strong passwords and use two-factor authentication.”Security researcher Jonathan Zdziarski told The Intercept he "doesn't think Apple is doing anything nefarious in syncing the call logs," which are very clearly stored for the purposes of Continuity and being able to access your call history across Apple devices, even after restoring from a backup.
Nevertheless, Zdziarski emphasized the need for Apple to be clear to users about the data being collected and stored on iCloud. As noted by The Intercept, Apple does not indicate call logs are synced even with iCloud Backup disabled, while FaceTime call logs appear to be stored longer than Apple's claim of up to 30 days.
iCloud users concerned about their accounts being compromised should set a strong password and enable two-step verification.
Tags: security, Jonathan Zdziarski
[ 109 comments ]
Top Rated Comments
(View all)
38 months ago
if you're that paranoid about syncing call logs, you'd disable icloud drive anyways. elcomsoft just wants the attention.
38 months ago
This has been public knowledge for years. My call logs show up on my iPad since I think iCloud Drive launched. This couldn't be more of a non-story.
38 months ago
I'll just say it... if this was a story about Google or Android, the flamethrowers would be out
38 months ago
Oh come on - so much Apple hate lately.
People seem to just be eager to try and start the next circle jerk.
People seem to just be eager to try and start the next circle jerk.
38 months ago
if you're that paranoid about syncing call logs, you'd disable icloud drive anyways. elcomsoft just wants the attention.
I disagree. You can disable the syncing of other data (such as Safari browsing history and bookmarks) selectively in the iCloud Drive settings. Why not have the same option for the call history without having to disable everything?Also, keep in mind that, while maybe your personal calls are not very interesting, there are people whose call histories may be genuinely sensitive, such as lawyers, journalists, policital activists etc. You can't just dismiss this all as paranoia.
38 months ago
Stuff like this gets on my nerves. For 99.99999999% of users this is an awesome convenience, but there's always that small group that is worried about muh privacee. Stuff like this is whats holding Siri back from the likes of Google Assistant because of the paranoia. I wish Apple would split it and have a basic Siri and AI data gathering like they do now and then a more advanced option that users can opt into to have a more useful assistant. Do I want them to go full Google and track every single thing I do? No, I'd love it if I could sync my health data and cards that are in Apple Pay in the Cloud and not have to set that crap up every single time I get a new phone or reset my phone. /rant
38 months ago
I'll just say it... if this was a story about Google or Android, the flamethrowers would be out
In fairness, if it were google, we'd all know exactly what they were doing with it.
38 months ago
While nothing new, I thought it was a bug and have reported it in the past to Apple. Just make a slider for it in the preferences, just like syncing notes for example.
I find it annoying, because I have two iPhones specifically to separate private and business use. Now I still end up having missed calls from work on my private phone... That's something I didn't ask for. :(
I find it annoying, because I have two iPhones specifically to separate private and business use. Now I still end up having missed calls from work on my private phone... That's something I didn't ask for. :(
[ Read All Comments ]
This week saw a new addition to Apple's Beats headphones lineup, while Apple appears to have leaked images of its upcoming 16-inch MacBook Pro in the new macOS 10.15.1 betas.
Other top...
For this week's giveaway, we've teamed up with Plex to offer MacRumors readers a chance to win a cord-cutting bundle that includes a lifetime Plex Pass, an antenna, and a TV tuner for...
Google Maps for iOS is gaining a new feature today that's designed to allow people to report crashes, speed traps, and traffic slowdowns right from their iPhones.
Reporting traffic accidents...
Apple this week introduced Beats Studio3 Wireless Headphones in a new Camo Collection, available in either Forest Green or Sand Dune.
The Beats Studio3 Wireless Headphones in the Camo Collection...
Apple Arcade gained a batch of new games today for the iPhone, iPad, Apple TV, and Mac.
The latest titles available include real-time player-versus-player baseball game "Ballistic...
Apple today sent out emails for a new Apple Pay promotion, offering a $5 discount on groceries when you spend $35 or more through Instacart. To get the discount, you'll need to use Apple...
Luna Display today introduced a new Mac-to-Mac mode that allows any Mac released within the last decade to be used as a second display for another Mac. This includes any combination of Macs, ranging...
Apple has released a third trailer for the upcoming comedy series "Dickinson" ahead of its November 1 premiere on Apple TV+.
Dickinson is a half-hour comedy series starring...
