Apple stores users' call history to iCloud without giving them the option to disable this

In a blog post on its web page, Russian security firm Elcomsoft announced the little-known fact that Apple saves up to four months of users' call history in their iCloud account, complete with details such as phune numbers, dates, times of the day when the call were made or received, and their duration. Missed and ignored calls are also uploaded, along with call data by VoIP apps based on Apple's CallKit framework.

The iPhone maker has deemed this a convenience feature that helps customers make and return calls from any of their devices. According to Elcomsoft, it has been doing this since at least iOS 8.2, released in March 2015. Unfortunately, users don't have the option to opt out of this feature, and aren't informed about it unless they have read a rather obscure iOS security white paper.

Meanwhile, four months of call history (twice as long as that kept by wireless carriers) is sensitive data that's of potential interest to attackers and law enforcement agencies, accessible by obtaining a user's login data or a login token from their devices.

Users can still stop uploading of call history data by turning off iCloud Drive functionality, which will prevent third-party apps that rely on it to save data from doing so – this might be an inconvenience for some.

Elcomsoft notes that the ability to sync call logs to the cloud isn't unique to iOS devices. Google has enabled this feature for Android 6.0 phones and newer that are signed to Google Play Services. Windows 10 Mobile also syncs call logs across devices that share the same Microsoft account. However, Android users have the choice of opting out of syncing this and other information within their smartphones' sync options.

source: Elcomsoft via Macworld