Apple's Beats brand in April unveiled the Powerbeats Pro, a redesigned wire-free version of its popular fitness-oriented Powerbeats earbuds.
Apple Says it Syncs Call Logs on iCloud As a 'Convenience to Customers' Amid Security Concerns
Earlier today, reports surfaced on The Intercept and Forbes claiming Apple "secretly" syncs Phone and FaceTime call history logs on iCloud, complete with phone numbers, dates and times, and duration. The info comes from Russian software firm Elcomsoft, which said the call history logs are stored for up to four months.
Likewise, on iOS 10, Elcomsoft said incoming missed calls that are made through third-party VoIP apps using Apple's CallKit framework, such as Skype, WhatsApp, and Viber, also get synced to iCloud. The call logs have been collected since at least iOS 8.2, released in March 2015, so long as a user has iCloud enabled.
Elcomsoft said the call logs are automatically synced, even if backups are turned off, with no way to opt out beyond disabling iCloud entirely.
In some cases, hackers could access an iCloud account even without account credentials, such as by using Elcomsoft's Phone Breaker software. The tool is being updated today with the ability to extract call histories from iCloud with only an authentication token for an account from the accountholder's computer.
However, the entire narrative is largely overblown. In a 63-page white paper about iOS security, Apple clearly defines which information it collects for iCloud backups, emphasis our own. Likewise, in its Legal Process Guidelines, Apple notes FaceTime call invitation logs can be stored for up to 30 days.
Nevertheless, Zdziarski emphasized the need for Apple to be clear to users about the data being collected and stored on iCloud. As noted by The Intercept, Apple does not indicate call logs are synced even with iCloud Backup disabled, while FaceTime call logs appear to be stored longer than Apple's claim of up to 30 days.
iCloud users concerned about their accounts being compromised should set a strong password and enable two-step verification.
Likewise, on iOS 10, Elcomsoft said incoming missed calls that are made through third-party VoIP apps using Apple's CallKit framework, such as Skype, WhatsApp, and Viber, also get synced to iCloud. The call logs have been collected since at least iOS 8.2, released in March 2015, so long as a user has iCloud enabled.
Elcomsoft said the call logs are automatically synced, even if backups are turned off, with no way to opt out beyond disabling iCloud entirely.
“You can only disable uploading/syncing notes, contacts, calendars and web history, but the calls are always there,” said Vladimir Katalov, CEO of Elcomsoft. "One way call logs will disappear from the cloud, is if a user deletes a particular call record from the log on their device; then it will also get deleted from their iCloud account during the next automatic synchronization.Given that Apple possesses the encryption keys to unlock an iCloud account for now, U.S. law enforcement agencies can obtain direct access to the logs with a court order. Worse, The Intercept claims the information could be exposed to hackers and anyone else who might be able to obtain a user's iCloud credentials.
In some cases, hackers could access an iCloud account even without account credentials, such as by using Elcomsoft's Phone Breaker software. The tool is being updated today with the ability to extract call histories from iCloud with only an authentication token for an account from the accountholder's computer.
However, the entire narrative is largely overblown. In a 63-page white paper about iOS security, Apple clearly defines which information it collects for iCloud backups, emphasis our own. Likewise, in its Legal Process Guidelines, Apple notes FaceTime call invitation logs can be stored for up to 30 days.
Here’s what iCloud backs up:Further, in a statement today, Apple said the call history syncing is intentional.
• Information about purchased music, movies, TV shows, apps, and books, but not
the purchased content itself
• Photos and videos in Camera Roll
• Contacts, calendar events, reminders, and notes
• Device settings
• App data
• PDFs and books added to iBooks but not purchased
• Call history
• Home screen and app organization
• iMessage, text (SMS), and MMS messages
• Ringtones
• HomeKit data
• HealthKit data
• Visual Voicemail
“We offer call history syncing as a convenience to our customers so that they can return calls from any of their devices,” an Apple spokesperson said in an email. "Device data is encrypted with a user’s passcode, and access to iCloud data including backups requires the user’s Apple ID and password. Apple recommends all customers select strong passwords and use two-factor authentication.”Security researcher Jonathan Zdziarski told The Intercept he "doesn't think Apple is doing anything nefarious in syncing the call logs," which are very clearly stored for the purposes of Continuity and being able to access your call history across Apple devices, even after restoring from a backup.
Nevertheless, Zdziarski emphasized the need for Apple to be clear to users about the data being collected and stored on iCloud. As noted by The Intercept, Apple does not indicate call logs are synced even with iCloud Backup disabled, while FaceTime call logs appear to be stored longer than Apple's claim of up to 30 days.
iCloud users concerned about their accounts being compromised should set a strong password and enable two-step verification.
Tags: security, Jonathan Zdziarski
[ 109 comments ]
Top Rated Comments
(View all)
36 months ago
if you're that paranoid about syncing call logs, you'd disable icloud drive anyways. elcomsoft just wants the attention.
36 months ago
I'll just say it... if this was a story about Google or Android, the flamethrowers would be out
36 months ago
This has been public knowledge for years. My call logs show up on my iPad since I think iCloud Drive launched. This couldn't be more of a non-story.
36 months ago
Oh come on - so much Apple hate lately.
People seem to just be eager to try and start the next circle jerk.
People seem to just be eager to try and start the next circle jerk.
36 months ago
if you're that paranoid about syncing call logs, you'd disable icloud drive anyways. elcomsoft just wants the attention.
I disagree. You can disable the syncing of other data (such as Safari browsing history and bookmarks) selectively in the iCloud Drive settings. Why not have the same option for the call history without having to disable everything?Also, keep in mind that, while maybe your personal calls are not very interesting, there are people whose call histories may be genuinely sensitive, such as lawyers, journalists, policital activists etc. You can't just dismiss this all as paranoia.
36 months ago
Stuff like this gets on my nerves. For 99.99999999% of users this is an awesome convenience, but there's always that small group that is worried about muh privacee. Stuff like this is whats holding Siri back from the likes of Google Assistant because of the paranoia. I wish Apple would split it and have a basic Siri and AI data gathering like they do now and then a more advanced option that users can opt into to have a more useful assistant. Do I want them to go full Google and track every single thing I do? No, I'd love it if I could sync my health data and cards that are in Apple Pay in the Cloud and not have to set that crap up every single time I get a new phone or reset my phone. /rant
36 months ago
I'll just say it... if this was a story about Google or Android, the flamethrowers would be out
In fairness, if it were google, we'd all know exactly what they were doing with it.
36 months ago
While nothing new, I thought it was a bug and have reported it in the past to Apple. Just make a slider for it in the preferences, just like syncing notes for example.
I find it annoying, because I have two iPhones specifically to separate private and business use. Now I still end up having missed calls from work on my private phone... That's something I didn't ask for. :(
I find it annoying, because I have two iPhones specifically to separate private and business use. Now I still end up having missed calls from work on my private phone... That's something I didn't ask for. :(
[ Read All Comments ]
Apple today sent out emails to customers about its latest Apple Pay promo, which will see the company donating $10 to the National Park Foundation for Apple Pay purchases made from the Apple...
We're just a few weeks away from the unveiling of this year's iPhone lineup as well as the official release of iOS 13 and Apple's other new operating system versions, and we're...
For this week's giveaway, we've teamed up with RAVPower to offer MacRumors readers a chance to win a 61W USB-C Power Adapter and a USB-C to Lightning cable, which can be used to fast charge...
Satechi this summer launched its first HomeKit-compatible product, the Dual Smart Outlet, a HomeKit plug that turns dumb appliances and electronics into smart electronics that can work alongside...
As we head into the weekend, there are a few notable deals going on today that include an all-new MacRumors exclusive offer from Eve, Best Buy's anniversary sale with lowest-ever iPad prices, and...
Version 7 of Heart Analyzer was released today, and the popular third-party heart-rate app for iPhone and Apple Watch has gained some additional features for users looking for even deeper insight...
Apple today seeded the seventh beta of watchOS 6, the software that runs on the Apple Watch. The new beta comes a week after the sixth beta and two months after Apple first unveiled the new watchOS...
Apple today seeded seventh beta of an upcoming tvOS 13 update to developers, one week after seeding the sixth beta and two months after unveiling the tvOS 13 software at the Worldwide Developers...
