Update: Apple has not yet commented on the specific claims made, but tells us:
Elcomsoft – the Russian company which sells iPhone cracking tools to governments and corporations – says that iPhones send near real-time call logs to Apple servers even when iCloud backup is switched off, and that these logs are stored for up to four months.
Elcomsoft CEO Vladimir Katalov told Forbes that it also isn’t just traditional phone calls that are logged, and that iOS 10 has expanded the scope of the logging …
This is likely as a result of iOS 10’s CallKit support.
All FaceTime calls are logged in the iCloud too, whilst as of iOS 10 incoming missed calls from apps like WhatsApp and Skype are uploaded, said Elcomsoft, which provides phone forensics tools to police.
Katalov said that the logs are uploaded from any iPhone which has iCloud Drive enabled.
The company says that while Apple is open about allowing law enforcement access to iCloud backup data on receipt of a court order, the company doesn’t disclose that it holds call logs even when backups are not enabled. Katalov also challenged the statement on Apple’s website that it only stores FaceTime call logs for 30 days.
“Syncing call logs happens almost in real time, though sometimes only in a few hours,” he added. “But all you need to have is just iCloud Drive enabled, and there is no way to turn that syncing off, apart from just disabling iCloud Drive completely. In that case many applications will stop working or lose iCloud-related features completely.”
iOS forensics expert Jonathan Zdziarski told Forbes that he believed this was an oversight by Apple rather than any deliberate attempt to obfuscate the information it holds.
Synced data contains full information including call duration and both parties. We were able to extract information going back more than four months.
Apple has already indicated an intention to use full end-to-end encryption for iCloud backups at some point in the future. At present, backups are encrypted but Apple holds the key; by switching to end-to-end encryption, Apple would have no access to the data.
A previous report claimed that Apple was intercepting all iMessage contacts, though in that case it was due to a misunderstanding of how Apple’s systems work.