Apple stores users' call history to iCloud without giving them the option to disable this


In a blog post on its web page, Russian security firm Elcomsoft announced the little-known fact that Apple saves up to four months of users' call history in their iCloud account, complete with details such as phune numbers, dates, times of the day when the call were made or received, and their duration. Missed and ignored calls are also uploaded, along with call data by VoIP apps based on Apple's CallKit framework.

The iPhone maker has deemed this a convenience feature that helps customers make and return calls from any of their devices. According to Elcomsoft, it has been doing this since at least iOS 8.2, released in March 2015. Unfortunately, users don't have the option to opt out of this feature, and aren't informed about it unless they have read a rather obscure iOS security white paper.

Meanwhile, four months of call history (twice as long as that kept by wireless carriers) is sensitive data that's of potential interest to attackers and law enforcement agencies, accessible by obtaining a user's login data or a login token from their devices.

Users can still stop uploading of call history data by turning off iCloud Drive functionality, which will prevent third-party apps that rely on it to save data from doing so – this might be an inconvenience for some.

Elcomsoft notes that the ability to sync call logs to the cloud isn't unique to iOS devices. Google has enabled this feature for Android 6.0 phones and newer that are signed to Google Play Services. Windows 10 Mobile also syncs call logs across devices that share the same Microsoft account. However, Android users have the choice of opting out of syncing this and other information within their smartphones' sync options.

source: Elcomsoft via Macworld

FEATURED VIDEO

21 Comments

1. NoToFanboys

Posts: 3231; Member since: Oct 03, 2015

"Privacy" is a thing of the past, and I'm not just talking about Apple here. Anyways, waiting for Fandroid trolls celebrating and Apple priests like Mxy defending.

2. iushnt

Posts: 3083; Member since: Feb 06, 2013

If you really want to see true Apple priests, head on to Appleinsider. There, you can see that people really do pray Apple as God on daily basis. Refading comments there would be really funny.

3. Mxyzptlk unregistered

You really love stirring the pot don't you?

5. NoToFanboys

Posts: 3231; Member since: Oct 03, 2015

Sometimes 12 year old keyboard warriors like you can be entertaining, that's why.

7. sissy246

Posts: 7035; Member since: Mar 04, 2015

No more then you do.

14. meanestgenius

Posts: 21611; Member since: May 28, 2014

Pot, meet kettle.

20. lyndon420

Posts: 6606; Member since: Jul 11, 2012

Why wait for anyone? Just say your piece and leave. :)

4. Foxgabanna

Posts: 582; Member since: Sep 11, 2016

It's too late to try and stir up the pot about privacy. Call history is something Apple, Samsung, Microsoft, Blackberry, and other companies use called "Backup". They win you over by amazing you with benefits in trade for your privacy. If we should be worried about anybody it's "GOOGLE".

6. joey_sfb

Posts: 6794; Member since: Mar 29, 2012

Deflecting for Apple while attacking Google. Didn't you read Google allow their user to disable the call logging.

8. cmdacos

Posts: 3974; Member since: Nov 01, 2016

Google is one of the most transparent in terms of the data stored and used and have many options for opt in vs opt out. Much of the data stored adds immense convenience which is why i am 100% in with Google. There is nothing be shared that is private in nature from my perspective.

9. NarutoKage14

Posts: 1314; Member since: Aug 31, 2016

Apple is a dictatorship, what did you expect? Their way or the highway.

10. MrElectrifyer

Posts: 3960; Member since: Oct 21, 2014

So much for "we take your privacy seriously"/"you're in control of your data". I've said it before and I'll say it again; values change, the data doesn't. This is why I'm best suited with non-stock Android. Free to disable/block all of google's spyware services with tools readily available on the Play Store (eg. DisableService), set whatever I want as the default (most OEMs provide great alternatives), and keep using my phone how I like.

13. kiko007

Posts: 7493; Member since: Feb 17, 2016

You can't be stupid enough to actually think a Linux based Android device can be completely undetected while STILL using the Play Store? Do you honestly think Google doesn't know apps like that exist, and have taken measurements to circumvent the usuage of such apps? Don't be absurd.......you're as much a cash cow as the simpletons who use Google Photos. No Linux based device can escape security holes.....

15. MrElectrifyer

Posts: 3960; Member since: Oct 21, 2014

You can't be that asinine to interprete having control over what data is mined as being "undetected" or "immune to security holes"...oh wait, you just proved to be. Android isn't iOS, where everything is dictated to you like a sheep, stop impotently trying to equate them. Google gives us the flexibility and choice to make our devices, which we paid for, work as we want, including replacing their services, if we so choose. That's the beauty of Android, choice, which you're clearly not familiar with...

17. kiko007

Posts: 7493; Member since: Feb 17, 2016

"You can't be that asinine to interprete having control over what data is mined as being "undetected" or "immune to security holes"...oh wait, you just proved to be." Keep living the dream MrE........because if you've read the ToS from Google regarding their services, and articles regarding data mining on the part of the three tech giants, you would know that's ridiculous. "Android isn't iOS, where everything is dictated to you like a sheep, stop impotently trying to equate them." Oh great......the old "sheep" insult. You'd think that a group as large as the Android community would be able to come up with better insults. Then again, it is mostly grunt workers passing themselves off as "informed" tech enthusiasts. Lmfao......stay classy :). "Google gives us the flexibility and choice to make our devices, which we paid for, work as we want, including replacing their services, if we so choose. That's the beauty of Android, choice, which you're clearly not familiar with..." Who's the sheep now?

18. MrElectrifyer

Posts: 3960; Member since: Oct 21, 2014

Keep sticking your head in the sand diko, it's what you do best. In the real world, it's no dream to have control over your data...then again, wouldn't expect someone as arrogant and asinine as you to realize that when apple doesn't give such option on their device.

19. kiko007

Posts: 7493; Member since: Feb 17, 2016

"Keep sticking your head in the sand diko, it's what you do best." Strange. Someone here has their head in the sand (more specifically, their ass) but it isn't me. I wonder who it could be........? " In the real world, it's no dream to have control over your data..." Whatever helps you sleep at night man. I know better than to think naive s**t like that.......read past the fine print my friend. "then again, wouldn't expect someone as arrogant and asinine as you to realize that when apple doesn't give such option on their device." When did this become about Apple? I came at you because you thought that you could circumvent Google and still use some of their services....... Apple had almost no part in it. Your blind fanboism for the green robot is causing your cognitive abilities to disperse......

24. joey_sfb

Posts: 6794; Member since: Mar 29, 2012

Read like an essay about yourself. Just need to replace green bot with fruit and Google with Apple.

21. lyndon420

Posts: 6606; Member since: Jul 11, 2012

Why are you using third party apps? You do realize you can disable the Google apps you aren't interested in right?

22. kiko007

Posts: 7493; Member since: Feb 17, 2016

Ummmmm.......who said I don't like G-services? I like them just fine.....I was explaining to him that you can't avoid data mining even when you THINK you are. Google's business model relies on user information. They use Google Play Services to get said information.....as long as within legal bounds.

23. MrElectrifyer

Posts: 3960; Member since: Oct 21, 2014

DisableService doesn't disable the entire app, it disables parts of the app. For example in the case of google play services, which handles push notifications and does other data mining too, I used DisableService to disable it's "location shearing" aspect. Also using XPrivacy for more permission controls when the simple allow/block options provided by Privacy Guard isn't enough.

Latest Stories

This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at https://www.parsintl.com/phonearena or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit https://www.parsintl.com/ for samples and additional information.