Apple has talked up privacy and end-to-end encryption of iMessage conversations, but a new report suggests that Apple may be logging and potentially sharing information like phone numbers of people that you iMessage with law enforcement agencies.
A report in The Intercept goes into the technical details of what happens every time a user types a number into an iPhone for a text conversation. According to the publication, the Messages app "contacts Apple servers to determine whether to route a given message over the ubiquitous SMS system or over Apple's proprietary and more secure messaging network". This determination results in the green-coloured conversations for SMS and blue-coloured for iMessage chats, which should be familiar to every iPhone user by now.
The accusation made by the publication is that Apple logs and stores each of these queries for X days, with the date & time stamp as well as the IP address, which the publication claims can be used to identify a user's location. The Intercept acquired this document as part of a large chunk of documents from the Florida Department of Law Enforcement's Electronic Surveillance Support Team. Although the contents of iMessages sent over Apple's servers are encrypted end-to-end, thereby making them unreadable even to Apple, the metadata mentioned above could be used to connect dots during a criminal investigation.
Apple is known for its strong stance towards customer privacy in recent times, including denying the FBI's request to unlock an iPhone of one of the two accused in the San Bernardino shootings in the US. So does the report suggest that Apple is not playing by the high standards it has set for itself?
9to5Mac.com's Jordan Kahn points out that Apple has openly admitted in the past to the alleged accusations. It is mentioned several times in Apple's legal page on their website, that Apple does log this information. The company says, "When you use your device, your phone number and certain unique identifiers for your iOS Device are sent to Apple in order to allow others to reach you by your phone number when using various communication features of the iOS Software, such as iMessage and FaceTime."
Furthermore, "Apple has FaceTime call invitation logs when a FaceTime call invitation is initiated. These logs do not indicate that any communication between users actually took place."
The same page also suggests that if a device is running iOS 8 or above, Apple will not be able to extract any information, as the data is protected by an encryption key tied to the product's passcode. At this point, only 3 percent of devices run a version older than iOS 8, according to Apple's Developer page. Apple admits it will be able to extract data on products running versions prior to iOS 8, including SMS, iMessage, MMS, photos, videos, contacts, audio recording, and call history.
Apple also suggest that upon a search warrant, it may be able to provide iCloud content including photos, documents, contacts, calendars, bookmarks and iOS device backups which contain iMessage, SMS, and MMS messages and voicemail to the authorities.
Lastly, The Intercept's claim of Apple storing a user's location was debunked by 9to5Mac, suggesting that IP addresses don't "offer exact location or even always accurate location data that could allow law enforcement or anyone else to pinpoint your location."