Russian computer forensics firm Elcomsoft reported earlier this week that Apple has been continuously storing its customers' call and FaceTime logs in its iCloud servers.
This is a tactic that has been going on for four months now.
How Apple Is Sending Private Info To The Cloud
Anybody using their iPhone or iPad to call or FaceTime someone automatically sends this private information — dates, length of calls, and phone numbers — to Apple's iCloud servers especially when iCloud sync is enabled on the device.
Privacy experts have time and again noted how companies such as Apple could provide authorities with encryption keys that could unlock such personal data within the iPhone or iPad because the tech giant actually holds on to these information-decoding secrets.
And unfortunately, there is no other way to hide the call logs from any government requests unless the users directly disable the iCloud Drive service.
Aside from saving regular call logs, Apple also seems to have been logging the metadata of FaceTime calls since the public release of iOS 8.2 for iPhones in March 2015.
In Apple's security guide, it can be noted that FaceTime employs end-to-end encryption, protecting the audio and video content of messages sent over the app. However, Elcomsoft's recent finding seemingly contradicts this and other statements written in the iOS security guide.
For example, Apple mentioned it had no stored information on whether FaceTime calls were successfully pushed out or for how long such calls lasted. Apple also insisted that FaceTime call logs were only retained for 30 days. But analysts are reported otherwise.
"Syncing call logs happens almost in real time, though sometimes only in a few hours," Elcomsoft CEO Vladimir Katalov says. "Synced data contains full information including call duration and both parties. We were able to extract information going back more than four months ago."
Why Is Apple Keeping Call Logs And FaceTime Metadata On iCloud?
With access to this personal information, both hackers and law enforcers such as the police and FBI could access data locked up on iPhones and iPads, which could potentially give access to other private info.
But there is obviously a big loophole to this security flaw (if one could actually call it a flaw).
Any hacker would require the Apple ID and password of an individual's iCloud account to gain such access. These credentials would not really be that easy to obtain unless the target were openly telling others their account details.
In truth, Apple has long considered its call history uploading on iCloud a feature essential to cross-device functionalities — not because the company wants to spy on its users.
If Apple really did want to provide authorities its customers' personal info, then it should have allowed the FBI to access the San Bernardino shooter's device earlier this year, which Apple did not provide access to.
The most logical reason Apple has been doing this is for restoring purposes. When backing up an iPhone or iPad to iCloud, the entire device's data, including photos, notes, messages, contacts, videos and call logs, will be restored to the way they were before.
Apple believes these are all vital information that customers do not want to lose.