iPhones Secretly Send Call History To Apple, Security Firm Says (theintercept.com) 124
Russian digital forensics Elcomsoft says iPhones send near real-time logs to Apple servers even when iCloud backup is switched off. The firm adds that these logs are stored for up to four months. From a report on the Intercept:"You only need to have iCloud itself enabled" for the data to be sent, said Vladimir Katalov, CEO of Elcomsoft. The logs surreptitiously uploaded to Apple contain a list of all calls made and received on an iOS device, complete with phone numbers, dates and times, and duration. They also include missed and bypassed calls. Elcomsoft said Apple retains the data in a user's iCloud account for up to four months, providing a boon to law enforcement who may not be able to obtain the data either from the user's carrier, who may retain the data for only a short period, or from the user's device, if it's encrypted with an unbreakable passcode. "Absolutely this is an advantage [for law enforcement]," Robert Osgood, a former FBI supervisory agent who now directs a graduate program in computer forensics at George Mason University, said of Apple's call-history uploads. "Four months is a long time [to retain call logs]. It's generally 30 or 60 days for telecom providers, because they don't want to keep more [records] than they absolutely have to. So if Apple is holding data for four months, that could be a very interesting data repository and they may have data that the telecom provider might not."
off-shore revenue (Score:5, Interesting)
Re: (Score:3)
Isn't the iPhone a US politician's usual choice? Maybe it's more along the lines of Apple saying "If our tax liability were to suddenly increase then your call history becomes public".
Re: (Score:2)
no, they will probably say we'll stop retaining call history at all and have the FBI and other agencies run to congress to keep their tax benefits going
Re: (Score:3)
I don't use it....I never thought it was a good idea to have any of my phone info on Apple servers.
I back my phone up when I physically connect it to my home computer.
Re: (Score:2)
Re: (Score:1)
I have a jailbroken 6s and I rsync daily (cron job) to backup.
Re: (Score:3)
Same goes for you google.
But we didn't see a russian security firm level the same accusation at Google.
Reading comprehension fail. I said that Google needs to do it, I was not accusing Google of currently doing it.
If they don't, why do they say so in their Privacy Policy [google.com]
When you use our services or view content provided by Google, we automatically collect and store certain information in server logs. This includes:
- telephony log information like your phone number, calling-party number, forwarding numbers, time and date of calls, duration of calls, SMS routing information and types of calls.
Reason why Russian security firms can't see that (*) is because it isn't stored accessible by you on your own Google account.
(*) Or can't tell you they can, because that would require hacking Google's server.
30 or 60 days (Score:1, Interesting)
Sorry, wireless companies keep records a hell of a lot longer than that. Just log into your wireless account and look at your bill history. That info is not secure if they issue a warrant to the company for your phone records.
But sorry, please start the Apple hate machine....
Re:30 or 60 days (Score:5, Insightful)
Apple working with phone service provider (Score:3, Interesting)
I'm sorry but the people selling you phone service keeping logs of your phone calls is one thing, the people that just made the phone have no business at all logging that data for any reason. But I guess it's ok though because apple did it and apple can do no wrong.
With iCloud enabled calls to your iPhone are also routed to iPads or Macs so you can answer via FaceTime. Apple is "integrating" with your phone service provider.
Re: (Score:2)
With iCloud enabled calls to your iPhone are also routed to iPads or Macs so you can answer via FaceTime. Apple is "integrating" with your phone service provider.
What's your point? Once the call is over with it can't be routed to your Mac or iPad, so there's no reason to keep a log of a call once it is completed.
Re: (Score:2)
With iCloud enabled calls to your iPhone are also routed to iPads or Macs so you can answer via FaceTime. Apple is "integrating" with your phone service provider.
What's your point? Once the call is over with it can't be routed to your Mac or iPad, so there's no reason to keep a log of a call once it is completed.
"Move seamlessly between your devices with Handoff, Universal Clipboard, iPhone Cellular Calls, SMS/MMS messaging, Instant Hotspot, and Auto Unlock."
https://support.apple.com/en-u... [apple.com]
Plus as the AC mentioned there is also calling someone back using the Mac or iPad at a later date.
Re: (Score:1)
We know the telecoms have my call history, Apple has done this secretly, but you keep being an iTard apologist, typical Apple fanboy.
Really? Have you seen those logs?
Is there ANY possible reason for APPLE to want to know who you are calling?
Think about it.
I think they don't exist.
Re: (Score:2)
"Really? Have you seen those logs?"
I guess you've never used a landline (or rather, paid the bill to one) in your life. Usually, the bill comes with a full listing of all dialed numbers.
Re: (Score:1)
"Really? Have you seen those logs?"
I guess you've never used a landline (or rather, paid the bill to one) in your life. Usually, the bill comes with a full listing of all dialed numbers.
From the CARRIER, sure.
Re: 30 or 60 days (Score:1)
very interesting indeed (Score:5, Informative)
So if Apple is holding data for four months, that could be a very interesting data repository and they may have data that the telecom provider might not.
Cook: "In my point of view, [privacy] is a civil liberty that our Founding Fathers thought of a long time ago and concluded it was an essential part of what it was to be an American. Sort of on the level, if you will, with freedom of speech, freedom of the press." [slashdot.org]
So, Timmy, is privacy worth being protected or not? How is this 'protecting privacy'? Just because you can obtain these logs, why are you doing it?
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Apple isn't an "ad company" because they failed with iAds [buzzfeed.com]. They tried, they tried really hard - but couldn't pull it off.
And yet even then it wasn't their primary source of revenue or their main focus. Google is the one interested in customer data so they can push ads on them. Apple has never shown any interest in mass data collection from their users outside what they need to have to provide their services (such as cross-device call history sync, as is the case here), and they certainly are not making money off selling it, as the OP suggested.
Re: very interesting indeed (Score:2)
Re: (Score:1)
Your privacy is being protected; Apple is protecting it for you by looking after your data for a while. Don't you trust them? If it doesn't give you a warm, fuzzy feeling, and make you feel a little bit special to have Apple holding onto your data, then you should turn in your fanboi card immediately.
Re:very interesting indeed (Score:5, Informative)
Just because you can obtain these logs, why are you doing it?
Apple already answered that question. From the article (yes, I'm guilty of reading it in this instance):
Apple acknowledged that the call logs are being synced and said it’s intentional.
“We offer call history syncing as a convenience to our customers so that they can return calls from any of their devices,” an Apple spokesperson said in an email.”Device data is encrypted with a user’s passcode, and access to iCloud data including backups requires the user’s Apple ID and password. Apple recommends all customers select strong passwords and use two-factor authentication.”
Moreover, the article contradicts the headline's assertion that this was a "secret" collection of data, since Apple has apparently been up-front about the collection ever since it was added, having disclosed it in their security white papers over the last few years. Plus, users are apparently in control of the data still. Deleting the log on your phone syncs the deletion through to iCloud as well, allowing the user to delete the log at any time.
Of course, it would be better if Apple didn't have access to the data in the first place, and while Apple has announced their intent to encrypt things in such a way that they wouldn't be able to access them, the article rightly calls them out for having yet to actually do so in the 9 months since they announced those plans.
The article goes on to mention that this same call log syncing feature was added to newer versions of Android and Windows Phone as well, with the exact same caveats about it being impossible to turn off without turning off all syncing services. Neither Google or Microsoft were mentioned as having announced plans to encrypt the data to keep it out of their own hands, though I'd hope (but not expect that) they'd all jump on that bandwagon.
Re: (Score:2)
Apple has apparently been up-front about the collection ever since it was added, having disclosed it in their security white papers over the last few years.
And of course the average iPhone user spends lots of time reading security white papers, in between the hours they devote to keeping up with all the Technical Service Bulletins for their car...
Re:very interesting indeed (Score:4, Insightful)
And that's a fair point. Apple already does quite a bit [apple.com] to try and educate their users about the security and privacy of their devices, but the industry as a whole needs to be doing an even better job, as I'm sure you'd agree.
Even so, the details were readily available to anyone who was interested in them, and Apple's white papers are fairly easy reading as far as technical breakdowns go, so the headline's claim that Apple was secretly collecting the data is clearly false, which is highlighted by the fact that the article itself refutes the headline.
Re: very interesting indeed (Score:2)
Re: (Score:2)
Deleting the log on your phone syncs the deletion through to iCloud as well, allowing the user to delete the log at any time.
And that's the difference that makes ALL the difference.
I agree that it would be much better if this was an "Opt-Out/In" Setting, and if it were encrypted from Apple's view, too.
But unless you are under an active investigation, keeping your call-log "pruned" is a good first step.
Re: (Score:2)
So, Timmy, is privacy worth being protected or not? How is this 'protecting privacy'? Just because you can obtain these logs, why are you doing it?
I'm not Tim, but I'll wager an answer.
Apple offers a service where it can route calls from your phone to your other Apple devices as part of iCloud syncing. They store you call history as part of your iCloud data as call history is useful to have synced on all your devices and computers able to make and take calls. If you turn off iCloud, they don't store this data, as there's no point to do so.
I would argue that they could do a better job though, by having more granular controls over this feature and allow
Secretly (Score:1)
Yeah that's how it happens. I setup my iPhone and secretly is syncs my call history to my phone. Wow! Where did that come from I wonder?
Re: (Score:1)
Re: (Score:3)
Re: (Score:2)
It is one thing if there is a user-centered purpose for it...
So you can see who called you and easily return calls.
Re: (Score:2)
It is one thing if there is a user-centered purpose for it...
I find it useful to see my call history on devices other than my phone. Those other devices that can also make and take calls.
Comment removed (Score:5, Insightful)
Re:Yeah, and? (Score:4, Interesting)
Only a LITTLE pissed? Interesting.
Re: (Score:3)
Re: (Score:2)
Comment removed (Score:4, Insightful)
Re: (Score:3)
Re: (Score:2)
but it's implied by the very act of syncing.
Given when setting syncing up i generally have a list of checkboxes that say whether i want to sync A, B, or C then syncing something else without disclousure is definitely not 'implied'.
Re:Yeah, and? (Score:5, Insightful)
Without the user's knowledge?
So when they get a new device and the call history magically shows up after putting in the iCloud account and password, it's divining that through psychic feed or something?
No ability to control it?
Turn off iCloud. It no longer stores this information. Sounds like a fairly easy and basic control to me. Would it be better if there was an individual switch for this function? Probably, but at some point you end up with an overwhelming page of little switches for every single little thing, and it's a usability nightmare that most people wouldn't bother with anyway.
Re: (Score:3)
Re: (Score:2)
Well, as they have to actually opt-in to iCloud, then I would assume that they read what it actually does before blindly turning it on and establishing a set of credentials.
There are the non-techies, then there is the willfully ignorant.
Re: (Score:2)
it's a cheap no margin phone from a chinese manufacturer. what did you expect?
Re: (Score:2)
(Also I'm still a little pissed that my BLU smartphone has been sending my SMS messages to China until today for reasons that nobody is willing to give an even vaguely plausible answer to.)
Probably the exact same reason apple has. They can, and can probably make money from it.
Re: (Score:2)
IKR?
Telemetry is the new normal, they all do it. Apple, MS, Google, etc, etc, etc....
So can the FBI force apple to turn that over next (Score:2)
So can the FBI force apple to turn that over next time?
Re: (Score:1)
So can the FBI force apple to turn that over next time?
Yes, and the "forcing" would be just like "forcing" a horny 16-year old to have sex with a hot chick who has her legs spread and is whispering, "C'mon, baby, bang me!"
Re: (Score:2)
http://abcnews.go.com/US/nsa-p... [go.com]
"... the percentage of available records has shot up from 30 percent to virtually 100. Rather than one internal, incomplete database, the NSA can now query any of several complete ones."
The US gov is getting it all. They just hope the wider public does not notice and keeps on trusting their fav US brands.
They're only being thoughtful (Score:2)
Litigation time! (Score:5, Funny)
Oh my god! You mean when Apple said they'd store all the data on my phone remotely for me, the madmen actually went and did it?
I'm suing.
FTA - Nefarious or just stupidity. (Score:5, Informative)
"“We offer call history syncing as a convenience to our customers so that they can return calls from any of their devices,” an Apple spokesperson said in an email.”Device data is encrypted with a user’s passcode, and access to iCloud data including backups requires the user’s Apple ID and password. Apple recommends all customers select strong passwords and use two-factor authentication.”
Not defending Apple here and I only have an iPhone (no other part of the Apple ecosystem) so I can't speak to the need (or usefulness) of being able to return a call from my iPad or Mac if I miss a call from my iPhone. This just smacks of more Siri/cloud/Cortana data collection garbage to me.
Heck, I'd have the iCloud completely turned off still if it weren't for their "new" feature where they stopped syncing with Outlook notes and I had to have someway of backing up/sync'ing note items with the rest of my PCs. (I backup my iPhone to an abacus at home...)
Re:FTA - Nefarious or just stupidity. (Score:5, Interesting)
I used this just today actually - I left my phone in my bedroom on it's charger, and I missed a call. I was able to click a 'redial' button on my MacBook Pro and return the call.
It was rather convenient, actually.
Re: (Score:3)
It also allows you to pick up your phone from your computer or other devices. It's immensely useful if you sit at a desk and need to take a call, you can just use a headset. It's kind of 'expected' that such notification data runs throughout the ecosystem. Don't like it, turn off iCloud, then it doesn't happen unlike Android devices where it always happens regardless of your settings.
Re: (Score:3)
This is the inevitable consequence to people wanting to use services that have an "ecosystem" that is maintained in the cloud instead of within their own local set of devices. It is not impossible to imagine having the same capabilities enabled through an ecosystem that maintained the data all on devices local to the user. However, unless people demand such an ecosystem (and are willing to pay for it), the friendly people who have built out all of their "cloud" infrastructure capabilities will be happy to
Re: (Score:2)
Well, I think it's entirely possible to have the 'ecosystem' be in a private server environment, plenty of people pay for it (usually large enterprises) but for the average consumer it's both too costly and too complex to maintain. Then you'd have a handful of servers all over that are 'vulnerable' to some mass attack.
So why did the FBI have to crack the iPhone? (Score:2)
Remember when the FBI was laying heavily on Apple to crack open the iPhone of that Terrorist dude that shot up the work-party in California? Apple refused, and this was a story for weeks in the news. John McAfee claimed his guys could crack it in 14 hours or something?
Anyway, if Apple retains all this data, why was cracking the iPhone such a big deal? Is half the news (or maybe more) all made-up bullshit just to entertain me?
Maybe Trump isn't really president and the news is just telling me that to keep me
Re: (Score:2)
Because they reset the password
Re: (Score:2)
Well as I'm sure you've RTFA
A> They had to have the iCloud connection turned on to sync and backup to get the last 4 months of the call records.
B> Even if they did it only collected call records made to and from the phone (this was pre-iOS10 so Skype calls weren't tracked) not contacts or text messages or emails or voicemails.
Re: (Score:2)
Apple respects your privacy when it is in the public eye and thinks it can get credit for doing so. Behind the scenes- screw privacy!
This isn't a dig at apple. They all do this. Pay lip service to protecting your privacy whilst they sell your wiener size to Trojan for market research.
Re: (Score:2)
Trust and faith in privacy is restored and the public goes back to fully trusting the brand and the networks.
Who would buy a US product if it comes with extra mandated hardware by big gov with logs ready for open court?
Junk trap door and back door crypto in every device as designed? The risk is the wider pubic stops talking online.
So a big public show was put on and everyone feels so safe to talk, txt on their big brand devices again.
The absolute power of proprietary software (Score:2)
Once again, a proprietary software company is caught red-handed violating users' privacy. Sigh.
Why are we still trusting those companies who engage in software abuse, mistreating our digital lives? What will it take before mass resignation of such companies' employees because they're fed up from being part of immoral spying schemes?
Oh, and don't give me that food on the table bogus argument; Red Hat makes hundreds of millions profit a year with free software, and most web developers who mix and match free
E.T. phone home (Score:1)
but turn off i-Magellanic-Cloud first.
VoIP companies keep logs forever (Score:2)
I recently discovered, that my VoIP-provider had the history of my calls from ever since I opened the account 7 years ago. It is conveniently searchable and downloadable in several spreadsheet-formats.
I suppose, when I get to writing down my memoirs, it will come very handy, but it is a little irksome in the mean time. I doubt, I can turn it off or somehow request the records to be removed — I would be the first to object to any legislation forcing people to forget [iflscience.com] anything.
Re: (Score:2)
Not only that, but their monitoring utilities are likely recording all of your conversations too (assembled rtp from pcap). This is helpful to the VoIP provider to troublehshoot jitter and latency. Of course, they *probably* delete these captures after a short period of time because storage would quickly kill them.
But for a while, anyone with access to the utils can listen to your past conversations.
Apple's response to this report: (Score:1)
*crickets*
Re: (Score:1)
Pffft. You really think I'm going to let facts get in the way of my cherished opinions?
And Apple blocks 911 calls if you refuse to update (Score:1)
I have an IPhone 4S using wifi and a Consumer Cellular account. Last summer in France I encountered an Apple software problem that locked my phone. The Apple store in Paris fixed it but I turned off automatic updates to stop the problem from repeating while I'm in the lovely French countryside. Apple ignore my "Don't update" instructions; they downloaded the update anyway and installed nagware that "reminds me" every evening that updates are off and I should install the new OS update..
The end result is t
Re: (Score:2)
So, you're fully aware that there's an 'emergency call' option which bypasses everything, but you choose not to use it.
Instead, you choose to continue to use a phone that you *know* has a nag screen, that you *know* you can bypass, and that you *choose not to.*
And this is somebody else's fault.
Re: (Score:1)
Re: (Score:1)
Re: (Score:2)
Apple Surveillance (Score:2)
Apple iSurveillance(tm)- "It Just Works!"
Android too (Score:2)
Aww (Score:1)
Almost all the same data appears in my phone bill (Score:1)
The Cloud (Score:2)
Re: (Score:2)
Re: (Score:2)
Umm, I don't happen to own any idevices, but is it possible there's a difference between enabling "iCloud" and "iCloud backup"?