
iPhones send call history to Apple, security firm says - mcagl
https://theintercept.com/2016/11/17/iphones-secretly-send-call-history-to-apple-security-firm-says/
======
peterkelly
I'm not sure how this is "secret". If you're using iCloud on your mac and your
iPhone, and open up Facetime on the former, you'll see a call list (including
regular phone calls, not just facetime).

I agree it's undesirable that call history is sent to Apple - but it's pretty
easy to notice if you use facetime across devices that the call history is
synced.

~~~
jwtadvice
The "secret" part is that they include information that is only interesting to
law enforcement (timestamps and durations) in addition to pulling information
from third part communication tools like WhatsApp.

Namely, Apple chose to provide this information to government surveillance
when they could have (and indeed promised) to design it in a way that allows
for the iPhone to be used in sensitive situations and by people who need
security from state coercion and violence.

~~~
SanFranManDan
This doesn't make sense to me. Law enforcement has been able to get that
information easily for quite some time directly from telephony systems.
Timestamps and durations have been a part of phone UIs for quite some time,
which to me indicates that it is in fact interesting to more than law
enforcement... unless phone manufacturers conspired to display that
information to help LEOs when they confiscate phones.

Anyone who cares about state coercion and violence should know phone calls are
about the least sensitive way to communicate.

~~~
jwtadvice
> Timestamps and durations have been a part of phone UIs for quite some time

This is not familiar to me at all. If true, note the remaining points: the
manner in which this data was synchronized allowed this material to be
provided to law enforcement (Apple had other options) and Apple also included
information from third party communication tools used by some people
(mistakenly) to avoid being surveilled.

~~~
eridius
Timestamps and durations have been visible on the iPhone ever since it was
released in 2007. I assume other smartphones do something similar. Integration
with third parties is a more recent feature, it's what lets you use VoIP apps
with the iPhone's native call interface, and those calls end up in the same
call history that your "regular" phone calls do, which is why they're included
in the syncing.

------
snowwrestler
The key detail for me is that if you delete the call from the log on any
device, the next sync will delete it in iCloud.

So the probably-good-enough-for-most-folks way to deal with this is to just
delete calls from your log that you don't want to get archived in iCloud for 4
months.

The sure way is to disable iCloud entirely, but that reduces convenience in
all sorts of ways (syncing iTunes music, for instance).

The ideal would be for Apple to figure out how to provide the services of
iCloud in such a manner that they don't have access to user data. Apparently
they are working on that but it would obviously be a major change, and risky
too.

Most people don't care that Apple has to see their data in order to sync, but
boy will they be pissed if Apple makes their data permanently unreadable. Most
people want to be able to go into an Apple store and get problems fixed.
Imagine being an Apple retail tech and explaining to some 50-something lawyer
that because they lost their password there is absolutely nothing you can do.
"Sorry man--encryption."

~~~
anondon
> The key detail for me is that if you delete the call from the log on any
> device, the next sync will delete it in iCloud.

I highly doubt that it is a hard deletion of data. My guess is that it would
be a soft delete, so your call log won't show up on your iPhone, but the data
will be retained on Apple's servers.

~~~
snowwrestler
I'm just going by the article:

> One way call logs will disappear from the cloud is if a user deletes a
> particular call record from the log on their device; then it will also get
> deleted from their iCloud account during the next automatic synchronization.

~~~
cmdrfred
Does apple delete it from all their backups as well?

~~~
NumberCruncher
No worries, the NSA keeps a copy for you.

------
galad87
Call history is synced between devices via iCloud, so what's the news here?

------
droopyEyelids
Note to media companies (and everyone else) talking about security: _You have
to put security elements in context to say anything reasonable_

That means both: 1) Consider your audience, and 2) Do a 'risk analysis'
(Meaning figure out where the security issue starts to outweigh the
convenience and describe the actual impact of the issue.)

This article (and Forbes') are both severely damaged by a failure to do
either. Without stating the contexts where this call logging is a problem, and
who it is likely to affect you end up writing alarmist nonsense- _especially_
when the audience is the general public.

------
pksadiq
> Apple's Reply:

>> Device data is encrypted with a user’s passcode, and access to iCloud data
including backups requires the user’s Apple ID and password.

Can't Apple ID password be reset? If so, how can it be a true encryption?

~~~
redial
> Device data is encrypted with a user’s passcode

I think it uses the _passcode_ you set on your phone, not the _password_ of
your iCloud account.

~~~
pksadiq
> I think it uses the passcode you set on your phone, not the password of your
> iCloud account.

May be true, but

> access to iCloud data including backups requires the user’s Apple ID and
> password.

probably doesn't requires the passcode that the user have set, because this
data is available across several devices, and the only common thing would be
the Apple ID and its password.

~~~
jsolson
If you've recently set up iOS devices you'll have seen it ask for the passcode
_for another device_ before you can access iCloud data on the new one.

~~~
djrogers
^ This. First time it happened I was a little confused, but once I realized
what was happening I was ecstatic about it's implications for iCloud backup
security.

~~~
josephg
Yep. iCloud security is fantastic. Here's a write up on how the keychain
security works:

[https://tidbits.com/article/14557](https://tidbits.com/article/14557)

It involves hardware security modules, cross-device crypto signing and other
fun stuff. Apple _cannot_ access the data they store about you on their
servers.

From Apple's documentation:

Apple designed iCloud Keychain and Keychain Recovery so that a user’s
passwords are still protected under the following conditions:

\- A user’s iCloud account is compromised.

\- iCloud is compromised by an external attacker or employee.

\- Third-party access to user accounts.

~~~
duskwuff
Note that the keychain security is a bit of an exception -- it's particularly
strong, as it's protecting password data. (My favorite detail, not mentioned
in the original white paper: To prevent the iCloud Keychain HSMs from being
updated with a more lax policy, the smartcards that would have been required
to update them were destroyed in a private ceremony involving a blender.)

Other data in iCloud is generally under less extreme levels of security. This
isn't to say that it's insecure, merely that it's not as fanatically
protected. Some of it may be accessible by resetting your account password.

------
romjak
Some other items that get synced through iCloud are phone numbers and emails
of people you text, or send email to, even if they are not in your address
book. Searches you put into Maps are also synced this way as far as I know.

Most of this data can be viewed on a macOS if you are signed in with the same
iCloud account. It is stored in plist-files in a special folder called
"SyncedPreferences".

~/Library/SyncedPreferences
~/Library/Containers/com.apple.corerecents.recentsd/Data/Library/SyncedPreferences

It has bothered me for a long time that there is no way to disable call log,
text and email recipients syncing in preferences. While I can see how users
might find this feature useful, it should be made more obvious what is
actually happening when you sign into iCloud.

And by the way, disabling iCloud Drive does not disable the syncing of
"SyncedPreferences".

------
MaysonL
I'd be more worried about my carrier keeping call history forever than Apple
keeping it for a few months.

------
jwtadvice
The thing to note here is that it includes all information about the calls
including the times and durations and the logs also intercept communications
from third party apps like Skype, WhatsApp, and Viber, and that all of this
information is available to law enforcement.

This is despite Apple's PR statements claiming that the company has designed
the phone and its logs to minimize or eliminate the amount of information will
be used to feed into law enforcement surveillance requests.

------
JustSomeNobody
It has to get from one device to another somehow, right?

There's total[0] privacy and then there's degrees of privacy and convenience.
You can't have total privacy and total convenience. At least not presently.

[0] Total is one of those words like 'always' and 'never' that people should
try and avoid. Myself included.

~~~
babuskov
> You can't have total privacy and total convenience. At least not presently.

Encrypt the data using a password you enter on both devices and only transfer
it encrypted across network?

~~~
haikuginger
Cost to convenience: if you lose or forget your password, you lose your data.

------
junto
I've never enabled iCloud on any of my iOS devices, since I find it a bit
creepy.

What real benefits am i missing out on that outweigh the privacy aspects of
not using it?

Find my iPhone would seem to be an obvious benefit, but are there any others?

~~~
dkonofalski
What privacy aspects are you referring to? iCloud is extremely secure unless
you disable certain aspects of its security or choose to use a weak password.

------
TeMPOraL
Well, _of course_ it does. The question is - why?

~~~
M4v3R
Apple's response in the article explains it - so the user of multiple devices
has the call log on all of them, so he can respond to calls on any device.
Also, this helps when you set up a new phone.

~~~
unethical_ban
I feel like "sync" is an iCloud feature.

~~~
huxley
It is, but they are talking specifically about iCloud's backup feature being
switched off, not iCloud itself. Syncing is not the same as backup.

~~~
givinguflac
Yup, this is exactly it. Even with backup turned off you can answers calls
from your Mac/iPad... Why is this surprising?

------
kimshibal
i'm still using my trusty motorolla razr

~~~
faitswulff
If you're not joking, I'm curious how long the battery lasts nowadays. Has it
significantly declined since you first got it?

~~~
cptskippy
If he's referring the flip phone, and not the Droid Razr, then we're talking
about a phone that had a standby time measured in weeks. At best it lasts
probably 10x longer than today's smartphones so even a 75% reduction in
battery life is still better than what we deal with today.

~~~
shinratdr
It's amazing how long a battery can last when it's connected to a device that
doesn't do anything.

Have you ever measured the battery life of a battery still in the package?
It's amazing, standby time is like years.

~~~
vsgxvhdxh
Some people still want their phone to (1) make phone calls (2) make phone
calls. For them a phone that makes phone calls and the battery lasts a week is
far more full featured.

~~~
shinratdr
Yeah and some people still want a typewriter. They can have one. That doesn't
make it any more useful than the one trick device it is.

------
jamisteven
Please tell me they didnt spend any money to figure this out.

------
TazeTSchnitzel
iCloud phone backups contain all sorts of other data, too. But it's encrypted.

------
cndjckdovj
I wonder if The Intercept will qualify as "fake news" in the near future for
exposing things like this.

~~~
Amir6
What (TF) are you talking about??!!

