According to the forensics of Elcomsoft, a Russian security firm, the call history of any iPhone user with iCloud enabled is being sent to Apple servers without their consent.
iCloud securely stores your photos, videos, documents, music, apps, and more — and keeps them updated across all your devices. So you always have access to what you want, wherever you want it. But your call history is not a part of this agreement. Apple has always gone to lengths to ensure security and privacy of its users. But now it’s revealed that your private information can still escape.
Any cloud should keep the data for few days only but as per Elcomsoft report, Apple keeps your data for up to four months. Any government law enforcement agency with warrants and legal access may obtain the data through court order during that time. Users only allow their photos, videos, calendar etc., to be stored on iCloud but not their call logs.
Robert Osgood, a former FBI agent said,
“Four months is a long time. It’s generally 30 or 60 days for telecom providers, because they don’t want to keep more than they absolutely have to. So, if Apple is holding data for four months, that could be a very interesting data repository and they may have data that the telecom provider might not.”
According to Elcomsoft, not only your call logs but also the history of audio and video calls made by FaceTime are uploaded on Apple servers. And for the latest iOS 10, even your missed calls, and calls made from third party like Whatsapp, Skype, Viber etc., are also sent to Apple. This means your sensitive information is vulnerable.
Apple admitted that the call logs are being intentionally synced:
“We offer call history syncing as a convenience to our customers so that they can return calls from any of their devices,” an Apple representative said in an email, “Device data is encrypted with a user’s passcode, and access to iCloud data including backups requires the user’s Apple ID and password. Apple recommends all customers select strong passwords and use two-factor authentication.”
A few months ago a similar activity was reported in iMessage logs too. A phishing attack took place back in 2014 when a hacker obtained the nude photos of more than 100 celebrities through their iCloud credentials using Elcomsoft software.
Chris Soghoian, chief technologist for the American Civil Liberties Union, said, “iCloud really is the Achilles heel of the privacy of the iPhone platform. The two biggest privacy problems associated with iCloud don’t have check boxes, nor do they require that you opt in either.”
Apple should take some action to resolve the issue, otherwise, it would seriously undermine its credibility. Although Apple’s server is encrypted and secured, still, hackers or law enforcement agencies can warrant for any data. Apple can introduce an option to disable call log syncing only, without having to disable the whole iCloud.