Privacy alert -- Your iPhone is secretly sending your call history to iCloud

iphone-with-earbuds

iCloud is hardly the finest example of secure cloud storage, as numerous hacked celebrities will attest. So it is perhaps a little concerning to learn that Apple is -- according to a Russian security firm -- storing months of call logs to iCloud without many users being aware of what’s going on.

Elcomsoft, which specializes in cracking software, discovered that if you are an iPhone owner with an active iCloud account, four months' worth of your phone calls have been stored online. Many people will see this as a privacy concern but, worryingly, Apple does not provide a way to disable call log syncing.

The privacy concerns are very real, despite Apple's protestations that it will not provide governments of law enforcement agencies with access to encrypted data stored on phones. But by pushing data to iCloud, there is a way for the company to get around this seemingly customer-friendly policy. Writing about the discovery on the Elcomsoft blog, Oleg Afonin from the company points out:

We've seen Apple moving more and more data into the cloud. iCloud data (backups, call logs, contacts and so on) is very loosely protected, allowing Apple itself or any third party with access to proper credentials extracting this information. Information stored in Apple iCloud is of course available to law enforcement.

There is cause for concern in households where an iCloud account is shared between different phones. Calls made and received on one phone will be synced to the other thanks to iCloud backups. A data extraction tool created by Elcomsoft is able to take advantage of this to pull full call history from an iCloud account, complete with contact names.

If you really want to stop your call history making its way to the cloud, you’re going to have to ditch iCloud Drive, as Afonin goes on to say:

Apple is well aware of the trouble some users are taking with call sync. For those who use several iPhone devices in a family, Apple recommends not using the same Apple ID on those devices, recommending Family Sharing instead. Some users note that Family Sharing is not an ideal solution since it doesn't allow sharing iCloud Photo Library. In our opinion, Apple's recommendation actually makes sense as someone’s Apple ID is personal and should not be used across devices owned by different persons (even within the family).

If you are using two or more iPhones (e.g. for work and for personal use), you may still have to go with a single Apple ID. If this is the case, and you don’t want your calls synced across the two iPhones, consider disabling iCloud Drive on one device (don’t mix it up with iCloud; iCloud Drive is available elsewhere and can be disabled separately from iCloud). This way you'll prevent call sync without affecting things such as iCloud Photo Library or iCloud backups. You will, however, lose the ability to sync data across third-party apps that may use iCloud Drive to save their data.

Signing out of FaceTime does not stop call syncing. Disabling iCloud on one of the devices does stop call sync, yet you will lose much more compared to just shutting off iCloud Drive.

While the feature isn't widely known, Apple says it's for the benefit of its users and explains:

We offer call history syncing as a convenience to our customers so that they can return calls from any of their devices. Apple is deeply committed to safeguarding our customers' data. That's why we give our customers the ability to keep their data private. Device data is encrypted with a user's passcode, and access to iCloud data including backups requires the user's Apple ID and password. Apple recommends all customers select strong passwords and use two-factor authentication.

Are you concerned about your call history being pushed to iCloud where it could potentially be accessed by others?

Photo credit: charnsitr / Shutterstock

© 1998-2020 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.