Encrypted communications app Signal received an update yesterday that enabled video calling for the first time, but the latest version also brings CallKit support to the platform, which may leave some privacy-conscious users wary.
Introduced in iOS 10, the CallKit SDK allows incoming calls from third-party VoIP apps to appear on the iOS lock screen and recent calls list, just like standard cellular IDs do. The concern among the privacy community is that their call data – including who they called and how long they spoke for – could be synced to iCloud.
In a blog post announcing the new beta features, Signal developers Open Whisper Systems noted that like video calling, CallKit integration is optional, and those concerned about data leakage can turn the support off in settings (Settings -> Advanced -> Use CallKit). The developers also told Wired that in the future, CallKit might only display "Signal users" in an iPhone's call log, to prevent the disclosure of identifying information.
Back in August, Russian security firm Elcomsoft discovered that iPhones automatically send a user's call history to the company's servers if iCloud is enabled, but the data gets uploaded in many instances without any user notification. The fear among privacy-minded users is that state actors could theoretically gain access to this information through cooperation with Apple, or that hackers could crack iCloud passwords and break into accounts.
More recently Elcomsoft revealed that when iPhone and iPad users permanently deleted their Safari browser history off their devices, iCloud had been storing that history for several months to over a year, before Apple reportedly fixed the issue. Concerned users are advised to turn off iCloud backups to keep their browsing history private, and be sure to check out the MacRumors Safari privacy guide for more useful information regarding browser settings on iOS devices.