Modern smartphones make it easy to back up all your data to the cloud so you can keep it synced across devices, or download it to a new phone. That can have unfortunate consequences, however—especially when phones are syncing sensitive information that users aren’t explicitly aware of, and then a company famous for developing smartphone cracking software finds out.
Apple saves iPhone call history to iCloud, but barely mentions it
Moscow-based Elcomsoft recently added a feature to its Phone Breaker software that the company says can retrieve an iPhone user’s call history data via iCloud. To use its software to crack an iCloud account, an attacker would need your login data or a login token from one of your devices.
Apple saves up to four months of a user’s call history whenever they are using iCloud Drive, according to Elcomsoft. The call history saved to iCloud keeps detailed information including phone numbers, dates, times of day the calls were made or received, and duration of calls, as first reported by the Intercept. Data for missed and ignored calls is also synced. In iOS 10, this synced data includes call data from VoIP apps that use Apple’s new CallKit framework.
In response to Elcomsoft’s announcement, Apple told iMore that it supports “call history syncing as a convenience to our customers so that they can return calls from any of their devices.”
Why this matters
The problem isn’t so much that Apple is syncing call logs. It’s how it’s implemented. Call log syncing is a nice convenience for those who want it, which is why Apple did it in the first place. But for those who don’t want to sync their call logs, or weren’t expecting to, it’s a huge problem.