Apple doesn’t offer the ability to disable the syncing of FaceTime and cellular call logs to iCloud.
Russian software maker Elcomsoft today announced an update to its Phone Breaker product that downloads your iPhone’s call history from your iCloud account, taking advantage of the fact that Apple stores call logs in iCloud whether users want it to or not.
Apple’s storage of call logs—both FaceTime and cellular—in iCloud might be welcome to those who, say, miss a call on their phone and want to call back later using their iPad or computer.
But it’s also a boon for law enforcement, Elcomsoft said, since in many cases all they need to download call data is an iCloud user name and password, even if they can’t access an encrypted iPhone.
The worst part? You can’t turn off iCloud call syncing.
“Automatic cloud sync of call logs is great if you know about it and have an option to shut it off,” Elcomsoft CEO Vladimir Katalov said in a statement. “While Apple works hard to improve security of their physical devices, they move more and more data into the cloud where law enforcement can easily obtain it.”
Elcomsoft has a history of releasing software that exploits loopholes and can be used by law enforcement or other snoopers with more nefarious purposes. Phone Breaker is no exception; it’s marketed specifically to “bring synced call logs before the eyes of the law enforcement.”
For its part, Apple highlighted iCloud’s security measures, but it did not say whether or not it plans to offer the ability to disable the storage of call records in the future.
“We offer call history syncing as a convenience to our customers so that they can return calls from any of their devices,” the company said in a statement. “Apple is deeply committed to safeguarding our customers’ data.
Device data is encrypted with a user’s passcode, and access to iCloud data including backups requires the user’s Apple ID and password.”
Apple has frequently been in the spotlight this year for its commitment to user privacy, including a high-profile refusal in February to assist the FBI in accessing encrypted data on the San Bernardino shooter’s iPhone.
While iCloud call records may blemish this privacy commitment, Apple is not alone in storing the call records of its customers.
Another Elcomsoft product, called Cloud Explorer, extracts the call logs synced by devices running Android 6.0 or later by accessing the user’s Google account.