Apple admits logging iMessage metadata and sharing it with law enforcement

“Apple promises that your iMessage conversations are safe and out of reach from anyone other than you and your friends,” Sam Biddle reports for The Intercept. “But according to a document obtained by The Intercept, your blue-bubbled texts do leave behind a log of which phone numbers you are poised to contact and shares this (and other potentially sensitive metadata) with law enforcement when compelled by court order.”

“Every time you type a number into your iPhone for a text conversation, the Messages app contacts Apple servers to determine whether to route a given message over the ubiquitous SMS system, represented in the app by those déclassé green text bubbles, or over Apple’s proprietary and more secure messaging network, represented by pleasant blue bubbles, according to the document,” Biddle reports. “Apple records each query in which your phone calls home to see who’s in the iMessage system and who’s not.”

“This log also includes the date and time when you entered a number, along with your IP address — which could, contrary to a 2013 Apple claim that ‘we do not store data related to customers’ location,’ identify a customer’s location,” Biddle reports. “Apple is compelled to turn over such information via court orders for systems known as ‘pen registers’ or ‘trap and trace devices,’ orders that are not particularly onerous to obtain, requiring only that government lawyers represent they are ‘likely’ to obtain information whose ‘use is relevant to an ongoing criminal investigation.’ Apple confirmed to The Intercept that it only retains these logs for a period of 30 days, though court orders of this kind can typically be extended in additional 30-day periods, meaning a series of monthlong log snapshots from Apple could be strung together by police to create a longer list of whose numbers someone has been entering.”

Read more in the full article here.

MacDailyNews Take: Of course Apple needs that information in order for iMessage to function and would of course share that very limited information with authorities when compelled to do so via court order. To us, this “news” is unsurprising and expected.

When law enforcement presents us with a valid subpoena or court order, we provide the requested information if it is in our possession. Because iMessage is encrypted end-to-end, we do not have access to the contents of those communications. In some cases, we are able to provide data from server logs that are generated from customers accessing certain apps on their devices. We work closely with law enforcement to help them understand what we can provide and make clear these query logs don’t contain the contents of conversations or prove that any communication actually took place. — Apple Inc.’s statement to The Intercept

26 Comments

  1. This is hardly news since I first read it in Apple’s T & Cs about 5 years ago…yes, I know, who the hell reads T & Cs…but Apple has never made a secret out of it.
    I think I was prompted to read them when there was a lot of frothy fud going the rounds over iPhone cell tower tracking. When I think about it, folk were totally ignorant about cellular and gps information and how it works back then…and nothing has changed.

    1. Please stick to the subject, Christopher.

      People, read the iCloud user agreement. What is on the iCloud is encrypted by Apple, not by you. They have the keys and can read anything you store on Apple’s servers. Despite all the public statements about user privacy, Apple obviously caved to the law that does give the enforcement agencies, with court-issued warrant, the right to read anything Apple has. Welcome to the new world.

      Bottom line: Stop pretending Apple can offer ultimate privacy. if you didn’t encrypt it yourself and hold the only key, then your data is not under your control. Law abiding citizens may not care, but it certainly undermines Cook’s proclamations.

      Is Cook continuing to fight for ultimate user privacy? Doesn’t sound like it.

      1. Watch Ivan Krstić’s presentation from this year’s Black Hat: pay particular attention to the section on the Cloud Key Vault and then come back and tell me that Apple have the keys—clue: they don’t.

        =:~)

    1. I think it a matter of enabling faster machine processing for the messaging. It’s like finding most recent documents under the Open menu in an app, or Mac’s own fusion drives that keep the most recently used data on the solid-state portion of the drive. It’s a assumption that someone you’ve texted in the past 30 days is most likely to be texted to again, so the data is kept on hand.

  2. The IP address is location traceable only if you are on Wi-Fi, which Apple does not need provide the location. It’s derived from other external sources. For mobile IP addresses, there is no way to pinpoint the location of an IP address, unless you cross reference the assigned IP to a Cell carior’s data and if I am not mistaken, you would get an apparent radious of the cell’s range. If you get a history of activity to develop context from other cell towers, you could triangulate locations at certain point of time and determine the path taken. However that requires multiple supenous from both Apple and the cell tower operators and crossrefrence all that data. Not impossible, but task heavy.

    Meta data, I suppose, is fair game.

  3. Oh Apple, you’re such a rebel. What happened to all that FBI BS you’ve been crowing about?

    Folks, if they are legislated into putting in a back door, they will. I don’t blame them for that, but let’s put that notion to bed.

Add Your Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.