Apple comments on iCloud call history sync: What you need to know!

iCloud on Mac (Image credit: IMore)

Apple has been accused of secretly, surreptitiously backing up and syncing your iPhone call history, in a hidden, and implicitly nefarious way. Sadly, the only things nefarious here are the motivations of the publications that chose to invent the story. When I asked Apple about the accusation, here's the statement they gave me.

"We offer call history syncing as a convenience to our customers so that they can return calls from any of their devices," an Apple spokesperson told iMore. "Apple is deeply committed to safeguarding our customers' data. That's why we give our customers the ability to keep their data private. Device data is encrypted with a user's passcode, and access to iCloud data including backups requires the user's Apple ID and password. Apple recommends all customers select strong passwords and use two-factor authentication."

I'm guessing that was after an epic double face palm, head desk, or both.

Wait, back up, what is this all about?

Forbes posted the following:

Apple has a hidden feature for you in its iPhones: call logs going back as far as four months are stored in near real-time in the iCloud. That's the warning today from a Russian provider of iPhone hacking tools, Elcomsoft, which claimed the feature was automatic and there was no way to turn it off bar shutting down iCloud Drive altogether.

Yowza! 'Hidden' feature, really?

The Information called it "secretly" and "surreptitiously", but it's not only wicked obvious why Apple is syncing call history, it's fully disclosed in Apple's security white paper:

Here's what iCloud backs up:

  • Information about purchased music, movies, TV shows, apps, and books, but not the purchased content itself
  • Photos and videos in Camera Roll
  • Contacts, calendar events, reminders, and notes
  • Device settings
  • App data
  • PDFs and books added to iBooks but not purchased
  • Call history
  • Home screen and app organization
  • iMessage, text (SMS), and MMS messages
  • Ringtones
  • HomeKit data
  • HealthKit data
  • VisualVoicemail

Update: Apple has just now updated their knowledge base (KB) article to match the white paper. It's still propagating, so look for the version dated November 17, 2016.

Why is it "wicked obvious"?

Because, when you restore an iPhone from backup, including a new iPhone that replaces your old one, or you enable continuity calling so you can make phone calls from your iPad or Mac, you see your call history.

If Apple wasn't backing up and syncing that information, you would lose it every time you restored your iPhone, and you'd have frustratingly different calling lists across your devices.

It's like setting up your email in Mail on multiple machines and then being told Apple is secretly backing up and syncing your inbox. Or using bookmark syncing in Safari and being told that Apple is surreptitiously saving your bookmarks and making them available across all of your devices.

But what about security and privacy?!

Security and privacy are continually at war with convenience. It's incredibly tough to balance both.

I make 50% of my calls off the call history list (the rest are with Siri), and maybe that makes me a terrible person, but it also makes it an indispensable service for me both to back up and to sync.

If call history sync concerns you, you can disable iCloud Drive in preferences and it'll stop. (It'd be nice if Apple made those all separate settings, though others may argue it would result in settings fatigue.)

Is there anything Apple could do to make this more secure?

Always! Security is an uphill battle, especially when you're designing systems for mainstream consumers that need to be accessible and approachable. Storing call history in iCloud Drive may be workable but there may also be a better, more granular option as well.

iOS 9 brought 2-factor authentication and iOS 10 made it easier to use. I expect that pattern will continue and we'll keep getting better protection and easier management going forward.

For now, as always, be informed but don't be alarmed, at least not for web views or product placements.

Rene Ritchie


  • It's obvious to anyone using more than one device that this data is synced. Using words like "secretly" just makes ElcomSoft look like conspiracy-theory nutters. It's too bad, as it detracts from the value of their message. I get that there may be privacy issues, but anyone who is *truly* concerned about things like call logs isn't going to be using a cloud service anyway - not if they're sane. A.
  • There is no option to turn it on or off. This makes it completely opaque to the user that this is being done. Also, the way the devices interact with this data can lead a user to believe this is not the case. If I clear my call log on my iMac, it doesn't clear it on my iPhone, and vice versa. In a Sync'd system, one would expect the data on all connected devices to mirror the Sync'd source, so changes are propagated across devices. This isn't the case for Apple devices (in a number of situations), therefore it makes complete sense that it would seem obvious to someone that Apple is *not* doing this, especially with their heavy "focus" on letting users know that everything stays on their device and is done locally. The behavior seems consistent with the message, but what actually happens isn't. That is why they refer to it as "secretly." There is also no toggle to disable this?
  • "There is no option to turn it on or off. This makes it completely opaque to the user that this is being done." What a ridiculous statement. Whether you can turn it on or off has nothing to do with the fact that it's perfectly obvious what is going on. iOS on a user's device uploads some data to the user's iCloud account in order to let the user's other devices stay up to date. The implication that there is anything nefarious going on is stupid. Apple doesn't even see this data. A.
  • It's not obvious what's going on. Did you read my comment, at all (obviously not). The system behaves as if this does not happen, yet it does. The user experience is in complete contradiction to what technically happens behind the scenes. This makes it anything BUT obvious. It actually leads the user to believe that what actually goes on is NOT in fact going on. I can tell many of you people have never developed a product with any decent security focus, where you had to ask yourself basic questions like these:
    1. What happens behind the scenes?
    2. Is the User Experience consistent with what happens behind the scenes?
    3. Does the User Experience behave in a way that makes what happens behind the scene easily deducible?
    4. Is the combination of these factors in line with the message that our company is putting out regarding our product?
    To the average user, the Answer to #1 is "nothing," because Apple's message has led them on about things being very "device" centric. On top of that, the way the different devices interact with this data is so inconsistent and badly developed, that these use patterns can definitely lead the user to assume that the above is obviously the case. The UX doesn't make this obvious, nor does it make it easily deducible by the user. It also doesn't seem to be in line with Apple's intense focus on security and avoiding the storage of personal information on a cloud service that has been known to have very trivial security faux pas (like that which allowed it to be brute forced - endlessly, and extremely easily) in the past.
  • Obviously I *did* read your comment, as I quoted some of it. It got more unreasonable as it went on, so I did not respond to all of it. Specifically, you seem to think that because the behavior doesn't fit your assumptions, there is something bad going on. "I can tell many of you people have never developed a product with any decent security focus" Having been on the development team of some award-winning security products, I can safely say that this assumption is also incorrect. I maintain that what is going on is obvious: User picks up device 'a' and sees the call log. User picks up device 'b' and sees the identical call log. To use words like "secretly" and "surreptitious" to describe this is absurd. A.
  • Was! the! headline! written! by! an! ex-! Yahoo! staff! member! ?!
  • iMore's ability to whitewash every issue with an Apple product will make your jaw drop!
  • A lot of fuss about nothing really... but... it would be nice if there were a toggle switch for call-history iCloud sync.
  • Tyoo: "Security and privacy are continually at war with convenience. It's incredibly touch to balance both." I assume it's meant to be *tough
  • I love the smell of irony in the morning...
  • Thanks!
  • A better solution: replace the second sentence with "They're incredibly tough to balance." Using a different pronoun makes the two sentences more obvious in their relationship to each other (easier follow, better flow). Even better: combine the two into one compound sentence - "Security and privacy are tough to balance, as they are continually at war with convenience." Writing in a bunch of tiny sentences back to back causes the text to be exhaustive to read, and in some cases take longer to read, and encourages unnecessary wordiness. It also looks... Low-quality... It makes it seem as if the author was throwing the kitchen sink in to reach a word quota.
  • As always, think twice before reacting to media reports. These days security is a hot topic and some media like to use the topic to get eyes on their stuff. Thanks, Mobile Nations, for providing perspective.
  • We should bash other companies for playing with our private data. If it's Apple then it's OK. Shame.
  • Amazon doesn't get "bashed" for syncing Kindle book state, Microsoft doesn't get "bashed" for Xbox Live, Google doesn't get "bashed" for IMAP on Gmail, so I'm having trouble understanding your comment, or you're having trouble understanding the article. Either way, let me know how I can help!
  • You make 0 sense with this. Microsoft, Amazon, and Google do not use Security (and I'm using this in a very targeted, specific way) as a major feature of their consumer products, because the services they provide are dependent on data collection and cloud-enabled cross-device synchronization of data. The opposite is the case for Apple. My iMac doesn't even sync SMS Read Status with my Phone, never mind a ton of other Notification Read Status (among other things). I didn't know and didn't expect my call history to be shared across devices. It's not something that crossed my mind, because of how other parts of the system worked and the fact that Apple sells "security" like a killer feature of their products. If I clear my call history on my iPhone, it doesn't even clear it on my Mac. How the system behaves does lead one to believe that this does *not* happen. It's hard to say it's obvious, when SMS/MMS/Call Relay Exists; and you *expect* that it will show up if it rings on both devices... That part does make sense. The Synching part is a bit of a shock, due to the behavior of the systems. It behaves like there is no cross-device sync for this stuff, at all. Rene, you cannot seriously be this deluded?
  • Don't expect a response from Rene. When he is painted into a corner with reasonable discussion, he disappears.
  • Because you act as if only Apple cares about security and not Google, Microsoft or other major companies.
  • Sounds like a lot of cheating spouses trying to cover their tracks.
  • 9to5Mac is reporting that the call log data is synced to Apple even with iCloud off. If that's the case it seems a little more fishy than what is outlined in iMore's report.
  • That's not what they said. They said it still happens when iCloud Backup is turned off. I think associating this functionality with iCloud Backup is a red herring - it's being done for the convenience of having the data on all your devices, not to back it up. A.
  • Every cell phone company does too. It's on your **** bill.
  • True. If they were the ones supposed to protect your privacy instead of Apple going the extra mile, we'd be on them as well for the same reasons, :P We do want to see a phone bill, don't we, filled in with numbers we called?
  • You can't have 100% security and 100% convenience.... If u want the ability to sync, or anything, stuff must be known. Besides, we know anything Apple holds in iCloud can be handed over..... It's only the phone which is private... I'm sure sifting through the info Apple keeps logs for can build us a nice profile..
    If that scares u, don't put anything in iCloud Drive u may not want Apple, or the government with a warrant, to know.
  • You did a really good job of glossing over the point of the complaint. Kudos. From the Forbes article; “iCloud only stores content for the services that the subscriber has elected to maintain in the account while the subscriber’s account remains active,” Apple’s document reads. It does not mention consistently-updated call logs. The document also claims Apple does not hold data on FaceTime calls for more than 30 days, which Elcomsoft claimed was inaccurate. “Synced data contains full information including call duration and both parties,” Elcomsoft wrote in a release today. “We were able to extract information going back more than four months.” 30 days. 4 Months. That's a disparity, and that's a problem for people who actually benefit from this security. Like journalists and whistleblowers. Considering that iCloud data is released to governments upon request, Apple needs to be entirely transparent about what that data contains. Makes it look like they don't have the user's best interest actually in mind, beyond the publicity of "caring about privacy."
  • We are taking the privacy thing too far... On one hand we want Apple to be private with our stuff... but when they point out something important like call logs are *stored*, suddenly that is an issue? Perhaps a "disable call logging" separately so users can still use iCloud, but I doubt Apple wants to have a million settings u can turn off 'this' and 'this', and 'this' other stuff all because u want it..
  • Android phones and Windows phones also back up call history, yet they are not mentioned or chastised for it. This is an obvious double standard, but so many articles use this ploy when "reporting" on Apple because it garners page clicks. Apple is an incredibly popular and profitable business, so they are scrutinized to the point of absurdity.