A Russian company which sells iPhone cracking tools to government and business has claimed to have discovered that the call logs of iPhone users are stored and updated in the company’s iCloud infrastructure on a real-time basis, even when users have chosen not to automatically back up with iCloud.
Moscow-based Elcomsoft, which specialises in decryption and password cracking, discusses the matter in an initial and follow-up post at its blog, observing that the iOS feature is ‘a blessing for law enforcement’, since it potentially strips away the need to attack the encryption on the phone itself and gives authorities a potential legal route to at least attempt to access the information via Apple’s servers, without the possibility of the data on the phone being erased after ten attempts – as iOS has been configured since version 8.
The first of the Elcomsoft posts comments:
‘iCloud data (backups, call logs, contacts and so on) is very loosely protected, allowing Apple itself or any third party with access to proper credentials extracting this information. Information stored in Apple iCloud is of course available to law enforcement.’
Part of the reason for the insistent update seems to be that many couples and other family members share a single iCloud log-in across multiple devices, which seems to be handled unintelligently by Apple’s infrastructure.
Elcomsoft’s Oleg Afonin notes iPhone customer complaints about cross-device synching of call logs, made at the MacRumors forum: one iPhone user found that clearing his recent call list on either his 5c (business) and his 6s (personal) would result in both phones’ call list being erased. Extensive tech consultation with Apple was unable to explain the phenomenon, until the user consulted a ‘genius’ at an official Apple store:
‘He was stumped as calls would show up on one phone and then the next, right in front of his eyes. I demonstrated how if I cleared the calls on one phone it would result, 30 seconds or so later, with the other list being cleared. He went to the back and consulted with his senior and came back with the answer. He said both phones share the same Apple ID and there was nothing which could be done about it.’
Presumably the problem could potentially be resolved – or at least made addressable – by creating separate Apple IDs, but users seem to feel that the convenience of sharing common data and settings across devices makes this undesirable. On the face of it, Apple seem to be hacking their way round an end-use scenario that they had either not anticipated or do not want to encourage.
Another user in the MacRumors thread suggested that storing a Google contact list between phones would resolve the problem.
Elcomsoft observes that the only way to prevent the call logs being constantly updated in iCloud would be to completely disable iCloud drive functionality, observing that this ‘would also prevent apps from storing documents and data (such as WhatsApp backups) in the cloud.’