Apple may well have cultivated a reputation for being one of the companies most committed to user privacy, but that doesn’t mean there aren’t a few cracks in its security efforts.
As first reported by The Intercept, Russian security firm Elcomsoft has revealed that Apple’s handsets automatically store users’ call history to the firm’s iCloud servers, if iCloud is enabled.
However, it seems the information goes to the servers without the user being notified in many cases, with a list of calls made and received, call duration, phone numbers, and dates and times all being stored on the cloud servers for up to four months.
Related: iPhone 7 review
What’s more, Elcomsoft says that FaceTime calls, whether audio or video, are also logged to iCloud automatically,
The security firm believes the storage of both standard and Facetime calls dates back to at least iOS 8.2, launched in March last year.
Those who have upgraded to iOS 10, released earlier this year, will also have data from third-party apps stored on the cloud, including Voice over IP apps such as Skype and WhatsApp.
Apple told iMore that it supports “call history syncing as a convenience to our customers so that they can return calls from any of their devices.
“…Device data is encrypted with a user’s passcode, and access to iCloud data including backups requires the user’s Apple ID and password.”
Related: Best Black Friday deals uk
Earlier this year the company was involved in a high-profile dispute with the FBI, which wanted Apple to provide access to the San Bernardino shooter’s iPhone.
Apple, which doesn’t maintain a system for accessing individual users’ phones, refused to comply with the request, citing security concerns over the creation of a key or backdoor that could be used for nefarious purposed should it fall into the wrong hands.
Elcomsoft has updated its Phone Breaker software to enable extraction of the iCloud call logs as long as the user’s individual account details are available.
The firm is used by law enforcement agencies and leases some of its extraction code to Cellebrite – a company used by the FBI to access seized phones.
Related: Best Amazon Black Friday deals UK
Those with access to Elcomsoft’s software could potentially access the call history of any iPhone user, even if the account details are unavailable as an authentication token also enables extraction of the data.
Sign up for the newsletter
Get news, competitions and special offers direct to your inbox
Following the 2014 leak of nude celebrity photos, which hackers reportedly stole from the celebrities’ iCloud accounts, concerns over cloud storage security have been at an all-time high.
In the case of call history storage, the issue arises from the fact that users aren’t notified about their data being stored to the cloud.
Some may well opt for the service if they had the choice, but at this point there doesn’t seem to be any way for iPhone owners to turn the automatic cloud storage off, short of shutting down their iCloud service altogether.
Apple doesn’t mention the the storage of call history data on its iCloud security and privacy overview, though it is mentioned in its security white paper from May of this year – but most users are unlikely to have read that document.
For now, if you don’t want your call history to be logged on the cloud, your only choice is to shut off iCloud altogether. Hopefully Apple will soonissue an update to iOS 10 that allows for granular control of the feature.
WATCH: iPhone 7 review
Let us know your thoughts on the news in the comments.