If you're new to AirPods, considering buying a pair, or just want to pick up some new tips.
AirPods and AirPower: Everything We Know
Apple Says it Syncs Call Logs on iCloud As a 'Convenience to Customers' Amid Security Concerns
Earlier today, reports surfaced on The Intercept and Forbes claiming Apple "secretly" syncs Phone and FaceTime call history logs on iCloud, complete with phone numbers, dates and times, and duration. The info comes from Russian software firm Elcomsoft, which said the call history logs are stored for up to four months.
Likewise, on iOS 10, Elcomsoft said incoming missed calls that are made through third-party VoIP apps using Apple's CallKit framework, such as Skype, WhatsApp, and Viber, also get synced to iCloud. The call logs have been collected since at least iOS 8.2, released in March 2015, so long as a user has iCloud enabled.
Elcomsoft said the call logs are automatically synced, even if backups are turned off, with no way to opt out beyond disabling iCloud entirely.
In some cases, hackers could access an iCloud account even without account credentials, such as by using Elcomsoft's Phone Breaker software. The tool is being updated today with the ability to extract call histories from iCloud with only an authentication token for an account from the accountholder's computer.
However, the entire narrative is largely overblown. In a 63-page white paper about iOS security, Apple clearly defines which information it collects for iCloud backups, emphasis our own. Likewise, in its Legal Process Guidelines, Apple notes FaceTime call invitation logs can be stored for up to 30 days.
Nevertheless, Zdziarski emphasized the need for Apple to be clear to users about the data being collected and stored on iCloud. As noted by The Intercept, Apple does not indicate call logs are synced even with iCloud Backup disabled, while FaceTime call logs appear to be stored longer than Apple's claim of up to 30 days.
iCloud users concerned about their accounts being compromised should set a strong password and enable two-step verification.
Likewise, on iOS 10, Elcomsoft said incoming missed calls that are made through third-party VoIP apps using Apple's CallKit framework, such as Skype, WhatsApp, and Viber, also get synced to iCloud. The call logs have been collected since at least iOS 8.2, released in March 2015, so long as a user has iCloud enabled.
Elcomsoft said the call logs are automatically synced, even if backups are turned off, with no way to opt out beyond disabling iCloud entirely.
“You can only disable uploading/syncing notes, contacts, calendars and web history, but the calls are always there,” said Vladimir Katalov, CEO of Elcomsoft. "One way call logs will disappear from the cloud, is if a user deletes a particular call record from the log on their device; then it will also get deleted from their iCloud account during the next automatic synchronization.Given that Apple possesses the encryption keys to unlock an iCloud account for now, U.S. law enforcement agencies can obtain direct access to the logs with a court order. Worse, The Intercept claims the information could be exposed to hackers and anyone else who might be able to obtain a user's iCloud credentials.
In some cases, hackers could access an iCloud account even without account credentials, such as by using Elcomsoft's Phone Breaker software. The tool is being updated today with the ability to extract call histories from iCloud with only an authentication token for an account from the accountholder's computer.
However, the entire narrative is largely overblown. In a 63-page white paper about iOS security, Apple clearly defines which information it collects for iCloud backups, emphasis our own. Likewise, in its Legal Process Guidelines, Apple notes FaceTime call invitation logs can be stored for up to 30 days.
Here’s what iCloud backs up:Further, in a statement today, Apple said the call history syncing is intentional.
• Information about purchased music, movies, TV shows, apps, and books, but not
the purchased content itself
• Photos and videos in Camera Roll
• Contacts, calendar events, reminders, and notes
• Device settings
• App data
• PDFs and books added to iBooks but not purchased
• Call history
• Home screen and app organization
• iMessage, text (SMS), and MMS messages
• Ringtones
• HomeKit data
• HealthKit data
• Visual Voicemail
“We offer call history syncing as a convenience to our customers so that they can return calls from any of their devices,” an Apple spokesperson said in an email. "Device data is encrypted with a user’s passcode, and access to iCloud data including backups requires the user’s Apple ID and password. Apple recommends all customers select strong passwords and use two-factor authentication.”Security researcher Jonathan Zdziarski told The Intercept he "doesn't think Apple is doing anything nefarious in syncing the call logs," which are very clearly stored for the purposes of Continuity and being able to access your call history across Apple devices, even after restoring from a backup.
Nevertheless, Zdziarski emphasized the need for Apple to be clear to users about the data being collected and stored on iCloud. As noted by The Intercept, Apple does not indicate call logs are synced even with iCloud Backup disabled, while FaceTime call logs appear to be stored longer than Apple's claim of up to 30 days.
iCloud users concerned about their accounts being compromised should set a strong password and enable two-step verification.
Tags: security, Jonathan Zdziarski
[ 109 comments ]
Top Rated Comments
(View all)
30 months ago
if you're that paranoid about syncing call logs, you'd disable icloud drive anyways. elcomsoft just wants the attention.
30 months ago
I'll just say it... if this was a story about Google or Android, the flamethrowers would be out
30 months ago
This has been public knowledge for years. My call logs show up on my iPad since I think iCloud Drive launched. This couldn't be more of a non-story.
30 months ago
Oh come on - so much Apple hate lately.
People seem to just be eager to try and start the next circle jerk.
People seem to just be eager to try and start the next circle jerk.
30 months ago
if you're that paranoid about syncing call logs, you'd disable icloud drive anyways. elcomsoft just wants the attention.
I disagree. You can disable the syncing of other data (such as Safari browsing history and bookmarks) selectively in the iCloud Drive settings. Why not have the same option for the call history without having to disable everything?Also, keep in mind that, while maybe your personal calls are not very interesting, there are people whose call histories may be genuinely sensitive, such as lawyers, journalists, policital activists etc. You can't just dismiss this all as paranoia.
30 months ago
Stuff like this gets on my nerves. For 99.99999999% of users this is an awesome convenience, but there's always that small group that is worried about muh privacee. Stuff like this is whats holding Siri back from the likes of Google Assistant because of the paranoia. I wish Apple would split it and have a basic Siri and AI data gathering like they do now and then a more advanced option that users can opt into to have a more useful assistant. Do I want them to go full Google and track every single thing I do? No, I'd love it if I could sync my health data and cards that are in Apple Pay in the Cloud and not have to set that crap up every single time I get a new phone or reset my phone. /rant
30 months ago
I'll just say it... if this was a story about Google or Android, the flamethrowers would be out
In fairness, if it were google, we'd all know exactly what they were doing with it.
30 months ago
While nothing new, I thought it was a bug and have reported it in the past to Apple. Just make a slider for it in the preferences, just like syncing notes for example.
I find it annoying, because I have two iPhones specifically to separate private and business use. Now I still end up having missed calls from work on my private phone... That's something I didn't ask for. :(
I find it annoying, because I have two iPhones specifically to separate private and business use. Now I still end up having missed calls from work on my private phone... That's something I didn't ask for. :(
[ Read All Comments ]
Well-known cable and accessory maker Monoprice today introduced a new sale on Thunderbolt cables, with discounts reaching as much as 35 percent off of original prices during the limited-time event....
Parallels this week debuted a new promo bundle for both new and current users, offering a chance to buy or upgrade to Parallels Desktop 14, and then get ten other Mac apps for free. New owners can...
Over the past few weeks, a handful of users have reported receiving the message "an error occurred" when attempting to load the "For You" tab in iTunes, which provides personalized...
The latest Apple Pay promotion offers you the chance to get $5 off movie tickets with Fandango. To see the discount, you'll have to purchase two or more tickets within a single transaction...
Google Maps this week updated its iOS app with a new "Follow" feature, letting you keep track of events and news from your favorite local restaurants, bakeries, or bars. You can follow a...
Twitter today launched its Twitter Prototype Program and is accepting applications from people who want to beta test new Twitter features on iOS devices. Twitter's tests will be done through a...
Shazam, the song discovery app that's now owned by Apple, received a minor bug fix update last week, which, according to AppFigures, removes all third-party SDKs.
Shazam for iOS is no longer...
As of February 27, 2019, Apple is requiring that all Developer accounts with an Account Holder role be secured with two-factor authentication in order to ensure that only the account owner is able to...
