Oh No: Apple Keeps A Constant Log of Our Calls on iCloud
Russia’s Elcomsoft, a provider of iPhone hacking tools, has announced that Apple collects iPhone call logs without our approval. In doing so, the process is automatic unless you turn off iCloud Drive, according to Forbes.
According to Elcomsoft CEO Vladimir Katalov:
Syncing call logs happens almost in real time, though sometimes only in a few hours,” he added. “But all you need to have is just iCloud Drive enabled, and there is no way to turn that syncing off, apart from just disabling iCloud Drive completely. In that case many applications will stop working or lose iCloud-related features completely.
What this means
Noted iOS forensics expert Jonathan Zdziarski told Forbes that this type of tracking is probably an “engineering issue” that Apple put in place to make handoff work when answering calls between your phone and your desktop.
He notes:
They need to be able to sync a lot of that call data. I suspect whatever software engineer wrote that part of it probably decided to just go and stick that data in your iCloud Drive because that’s kind of what it’s purpose is.
Moving forward, Zdziarski suggests that Apple could add end-to-end encryption to iCloud. Doing so, however, could cause more problems between Apple and U.S. spy and law enforcement agencies.
“But politically speaking it could create a war with certain federal agencies that use that data on a daily basis,” according to Zdziarski.
Apple responds
Responding to Forbes’ story, Apple told AppleInsider:
We offer call history syncing as a convenience to our customers so that they can return calls from any of their devices. Apple is deeply committed to safeguarding our customers’ data. That’s why we give our customers the ability to keep their data private. Device data is encrypted with a user’s passcode, and access to iCloud data including backups requires the user’s Apple ID and password. Apple recommends all customers select strong passwords and use two-factor authentication.
Do you think Apple should collect our call logs?