Modern smartphones make it easy to back up all your data to the cloud so you can keep it synced across devices, or download it to a new phone. That can have unfortunate consequences, however – especially when phones are syncing sensitive information that users aren’t explicitly aware of, and then a company famous for developing smartphone cracking software finds out.
Moscow-based Elcomsoft recently added a feature to its Phone Breaker software that the company says can retrieve an iPhone user’s call history data via iCloud. To use its software to crack an iCloud account, an attacker would need your login data or a login token from one of your devices.
Apple saves up to four months of a user’s call history whenever they are using iCloud Drive, according to Elcomsoft. The call history saved to iCloud keeps detailed information including phone numbers, dates, times of day the calls were made or received, and duration of calls, as first reported by the Intercept. Data for missed and ignored calls is also synced. In iOS 10, this synced data includes call data from VoIP apps that use Apple’s new CallKit framework.
In response to Elcomsoft’s announcement, Apple told iMore that it supports “call history syncing as a convenience to our customers so that they can return calls from any of their devices”.
Why this matters: The problem isn’t so much that Apple is syncing call logs. It’s how it’s implemented. Call log syncing is a nice convenience for those who want it, which is why Apple did it in the first place. But for those who don’t want to sync their call logs, or weren’t expecting to, it’s a huge problem.
What’s missing? Consent and control
For starters, this call history data is the same information the National Security Agency was so interested in obtaining, which the public discovered during the initial Snowden leaks in 2013. As the Intercept points out, four months of data records is twice as long as mobile carriers maintain that same information. Privacy-conscious users would not like this data easily accessible to law enforcement regardless of their proclivity for criminal activity.
The second issue is that there’s no explicit way to turn call syncing on or off. You can stop it by shutting down iCloud Drive, but that means you lose every other convenience of that service.
Apple also did a terrible job of disclosing this information. Call log syncing is mentioned in Apple’s security white paper released in May, a PDF document that few users would ever read.
But why isn’t it in this iCloud security and privacy overview from Apple’s support pages? It lists all kinds of other sensitive data sent to iCloud and how it is protected, but at this writing mention of call history is absent, as is any mention of SMS and MMS. Or how about this support page, which lists backed-up iCloud data similarly to the white paper, yet call history is absent at this writing. These two pages were last updated in mid-September and at the end of October, respectively.
Now, before you go searching for a loophole as to why mention of call history syncing wouldn’t be on either of these pages, ask yourself this: What’s more important? To know that your browser bookmarks and ringtones are synced to iCloud, or that your call history is? Exactly. This is a major oversight on Apple’s part.
Elcomsoft says call syncing to iCloud has existed since at least iOS 8.2, released in March 2015. A quick search on various Apple-themed forums shows people starting to complain around that time about call syncing across multiple devices—especially when two users shared the same iCloud ID.
So what’s the solution? Simple. Apple should offer granular controls for what is synced to iCloud. Rene Ritchie on iMore rightly observes that this could result in “settings fatigue” where users are overwhelmed by too many options. Nevertheless, that’s a risk Apple should be willing to take if it truly cares about user privacy.
For now, users have a choice to make. Those who like the convenience of call syncing don’t need to do anything. Anyone who is bothered by it can shut off iCloud Drive. The extra concerned could also delete their phone calling history on their devices before shutting down iCloud Drive. That change should be reflected on Apple’s servers fairly quickly; however, there could still be redundant backups of this information kept on Apple’s systems for a time.
Regardless of which camp you fall into, everyone should also enable two-factor authentication. That makes it much harder for a hacker to access your data stored on iCloud. Two-factor authentication won’t, however, prevent law enforcement from legally obtaining iCloud data directly from Apple.
If you’re using an Android phone, know that Google also stores this data on all devices running Android 6.0 and up when they are signed in to Google Play Services, according to Elcomsoft. In other words, pretty much every Android user with a modern phone.