Likewise, on iOS 10, Elcomsoft said incoming missed calls that are made through third-party VoIP apps using Apple’s CallKit framework, such as Skype, WhatsApp, and Viber, also get synced to iCloud. The call logs have been collected since at least iOS 8.2, released in March 2015, so long as a user has iCloud enabled.
Elcomsoft said the call logs are automatically synced, even if backups are turned off, with no way to opt out beyond disabling iCloud entirely.
“You can only disable uploading/syncing notes, contacts, calendars and web history, but the calls are always there,” said Vladimir Katalov, CEO of Elcomsoft. “One way call logs will disappear from the cloud, is if a user deletes a particular call record from the log on their device; then it will also get deleted from their iCloud account during the next automatic synchronization.
Given that Apple possesses the encryption keys to unlock an iCloud account for now, U.S. law enforcement agencies can obtain direct access to the logs with a court order. Worse, The Intercept claims the information could be exposed to hackers and anyone else who might be able to obtain a user’s iCloud credentials.
In some cases, hackers could access an iCloud account even without account credentials, such as by using Elcomsoft’s Phone Breaker software. The tool is being updated today with the ability to extract call histories from iCloud with only an authentication token for an account from the accountholder’s computer.
However, the entire narrative is largely overblown. In a 63-page white paper about iOS security, Apple clearly defines which information it collects for iCloud backups, emphasis our own. Likewise, in its Legal Process Guidelines, Apple notes FaceTime call invitation logs can be stored for up to 30 days.
Here’s what iCloud backs up:
• Information about purchased music, movies, TV shows, apps, and books, but not
the purchased content itself
• Photos and videos in Camera Roll
• Contacts, calendar events, reminders, and notes
• Device settings
• App data
• PDFs and books added to iBooks but not purchased
• Call history
• Home screen and app organization
• iMessage, text (SMS), and MMS messages
• HomeKit data
• HealthKit data
• Visual Voicemail
Further, in a statement today, Apple said the call history syncing is intentional.
“We offer call history syncing as a convenience to our customers so that they can return calls from any of their devices,” an Apple spokesperson said in an email. “Device data is encrypted with a user’s passcode, and access to iCloud data including backups requires the user’s Apple ID and password. Apple recommends all customers select strong passwords and use two-factor authentication.”
Security researcher Jonathan Zdziarski told The Intercept he “doesn’t think Apple is doing anything nefarious in syncing the call logs,” which are very clearly stored for the purposes of Continuity and being able to access your call history across Apple devices, even after restoring from a backup.
Nevertheless, Zdziarski emphasized the need for Apple to be clear to users about the data being collected and stored on iCloud. As noted by The Intercept, Apple does not indicate call logs are synced even with iCloud Backup disabled, while FaceTime call logs appear to be stored longer than Apple’s claim of up to 30 days.
iCloud users concerned about their accounts being compromised should set a strong password and enable two-step verification.