iMessage, metadata, and law enforcement: What you need to know!

iMessage Lasers
iMessage Lasers (Image credit: Rene Ritchie)

There's a story going around about Apple storing metadata associated with the iMessage service and, when obligated by a court order, turning that data over to law enforcement. The details of the story are accurate, as far as I know, but it conflates two very different things in order to create a sensational headline, which is unfortunate for people who want and need to be informed about important issues involving privacy.

What's the story here?

From The Intercept:

Every time you type a number into your iPhone for a text conversation, the Messages app contacts Apple servers to determine whether to route a given message over the ubiquitous SMS system, represented in the app by those déclassé green text bubbles, or over Apple's proprietary and more secure messaging network, represented by pleasant blue bubbles, according to the document. Apple records each query in which your phone calls home to see who's in the iMessage system and who's not.This log also includes the date and time when you entered a number, along with your IP address — which could, contrary to a 2013 Apple claim that "we do not store data related to customers' location," identify a customer's location. Apple is compelled to turn over such information via court orders for systems known as "pen registers" or "trap and trace devices," orders that are not particularly onerous to obtain, requiring only that government lawyers represent they are "likely" to obtain information whose "use is relevant to an ongoing criminal investigation." Apple confirmed to The Intercept that it only retains these logs for a period of 30 days, though court orders of this kind can typically be extended in additional 30-day periods, meaning a series of monthlong log snapshots from Apple could be strung together by police to create a longer list of whose numbers someone has been entering.

Is this really news?

Not for people versed in iMessage architecture, no.

See more

Why is Apple keeping that log?

My understanding is that, at some point, Apple's iMessage engineers decided they needed to keep a metadata log in order to detect and fix problems with iMessage dispatch.

Basically, when you type a contact into iMessage it figures out if that contact is also on an Apple device, and then sends an iMessage (blue bubble), or not on an Apple device, and then sends an SMS/MMS (green bubble).

Given that the messages themselves are end-to-end encrypted, that sorting has to be done up front, which generates metadata (data about data.)

Does that really need troubleshooting?

Long time readers and iMessage users will remember that a few years ago, how iMessage handled dispatch was highly controversial. When switching between iPhone and iPad, or when switching to Android devices, people and media outlets were incensed that iMessage sometimes got it wrong.

Hell, people are still incensed when group messages spawn new threads because one of the participants switches devices mid-conversation.

So yes, it needs troubleshooting.

And they keep that log?

For 30 days. Doing dispatch properly is hard, and so engineers did what engineers do, and started collecting data to try and make it better. Because of privacy concerns, though, they only keep that data live for 30 days.

My guess is, fresh data is also the only useful data for this type of bug fixing.

So it has nothing to do with lawyers?

Nothing at all. Not with lawyers or compliance or any concern whatsoever for government agencies. It was and is purely for bug fixes and quality assurance.

What about the court orders, though?

As a result of keeping the log, if presented by a court order, Apple has to turn it over. Same with any log kept by any company.

And if I don't want my metadata logged?

Apple allows you to use both your iPhone number and your Apple ID email address as iMessage contacts. If you don't want either your number or your proper Apple ID logged, you can create a burner Apple ID you only use with iMessage and dispose of whenever you like.

Otherwise, you can use an alternate service like Signal.

Couldn't Apple just stop the logs?

Sure, but it would make improving iMessage dispatch much, much harder. I lean towards the paranoid — I used a burner email for Pokemon Go, after all — but most people have no reason to worry about this kind of stuff. They just want iMessage to work better.

So this article was sensationalized just to get attention and scare people?

It's good information for everyone to know and keep in mind when using iMessage or any similar messaging service. The way it was presented was just... unfortunate.

Rene Ritchie

Rene Ritchie is one of the most respected Apple analysts in the business, reaching a combined audience of over 40 million readers a month. His YouTube channel, Vector, has over 90 thousand subscribers and 14 million views and his podcasts, including Debug, have been downloaded over 20 million times. He also regularly co-hosts MacBreak Weekly for the TWiT network and co-hosted CES Live! and Talk Mobile. Based in Montreal, Rene is a former director of product marketing, web developer, and graphic designer. He's authored several books and appeared on numerous television and radio segments to discuss Apple and the technology industry. When not working, he likes to cook, grapple, and spend time with his friends and family.

  • I wouldn't use smart phones if I needed to conceal my activities.
  • I would say in this day and age its impossible not to use a smart phone...... Therefore, the world of privacy is basically just arguing over nothing, since we are all online... The levels of how bad it is do not even exist.. Until we all stop using technology, only then we can say "yes, we are 100% private." and that will never be true
  • So, basically Apple's privacy policy is pretty much like every other company out there? Got it. That's good to know. Posted with the Nexus 6, Nexus 5, or Surface Pro 3
  • So, basically you posted with the Nexus 6, Nexus 5, or Surface Pro 3? Got it. that's good to know.
  • So, basically you posted that he posted with the Nexus 6, Nexus 5, or Surface Pro 3? Got it. that's good to know.
  • Probably not. There's no trolling the content of the messages for keywords and the like. It's just a list of from and to, and then deleted after 30 days anyway. But your trolling has been noted.
  • Trolling? No, not trolling. But I encourage you to read Apple's privacy policy against any other similar company. You'll note the minute differences. My guess is you've never read it. Posted with the Nexus 6, Nexus 5, or Surface Pro 3
  • While i would agree Apple's policy is like any other company, the thing that shines is Apple goes above and beyond to make u trust them with repots on what exactly we do with this info.. Is a company says in detail what they do with your info (in plan english) wouldn't that give them more trust ground ? Of course it would.. On the other hand privacy polices are difficult to understand with miss-leading words.... so if a company can tell u in words u can understand, u would 'better' trust them,.. however, at the end of the day Apple is also just "another company', and in my book, privacy and security start and end with the user. never the company. who matter how good they try and sound. I say what Apple gets... and if there is risks, i'll gladly wage that knowing my privacy is still safe with me
  • I wonder if Apple could use something like differential privacy here. If your iPhone asked for a dozen phone numbers every time it wanted to look up a single phone number, there wouldn't be enough certainty for law enforcement to use the numbers in the log. But engineers could still look up specific numbers in the log.
  • Thanks, that is what I interpreted from The Intercept article but nice to have a more detailed explanation. And, I agree, the information was good and accurate but could have been presented in a less sensational manner.
  • How is this possible? According to Rene Apple doesn't store anything personally identifiable on their servers. Oh never mind this is a small thing. Trust no one but trust only Apple. They always care about users... Believe!!!
  • If you've ever used iMessage, you know how much of a pain it can be sometimes either when the other user has their internet turned off, or they've switched from an iPhone to an Android phone. iMessages will still sometimes try to send as iMessages despite the fact that the messages are being sent to an Android device or an offline device. I've missed text messages whilst being on an Android phone because they were trying to send iMessages to an old iPhone of mine when it was switched off. It makes sense that Apple would want to log this, and the data being stored makes sense in terms of troubleshooting. It's somewhat personally identifiable, although it's storing the information of the people you're contacting rather than yourself. Apple does a much, much better job than other companies when it comes to privacy
  • My wife is experiencing this very issue and we have not been able to resolve it. We used the apple provided services to attempt to update the dispatcher, no joy. I believe her particular problem stemmed from turning no the android phone prior to disabling iMessage. She got a little excited ;) and now regrets the switch.
  • I missed where Rene wrote that in the article.
  • It's not that I'm a criminal, but because I value privacy, I use Threema instead of iMessage. I just don't like the idea of a company storing the metadata of my chat activities. As far as I know, there's nobody keeping track of the people I talk to in real life, either.
  • So iMore praises Apple for providing great services and features without collecting user data...until they don't. I just love how all of a sudden they're defending the very practices they derided when Apple's competitors were doing. Sent from the iMore App
  • It's Rene's lack of integrity at its best.
  • Remember, Apple is not a VPN here where unlike a VPN (which cannot turn over something they do not keep) in situations where the VPN provider do no keeps log at all. Apple has to because their a U.S company after all and like any law in the U.S any comply with would need to with.
  • Some VPNs do some sort of logging (that could potentially be user-identifiable) especially those that are free of charge. Or how else would they generate an income? Something, other than funding from various VCs and individuals, has to pay the overhead.
  • Remember, Apple is not a VPN here where unlike a VPN (which would not turn over something they do not keep) in situations where the VPN provider do no keeps log at all. Apple can has to because their a U.S company after all Meta data is still as valuable.
  • I tend to agree. After all, if you have a problem with Apple keeping your metadata (wich _is_ valuable, ask WhatsApp), use a service like Threema or Signal, just like you would use a VPN to make sure you're safe when surfing the web.
  • I don't know how long Apple can maintain its posturing of being the "guardians of privacy" (I did not coin this term), even though this is something very revealing and sheds a lot of light on Apple's iMessage practices, which I remember correctly them saying that they don't log anything user-identifiable (especially names and location). At some point Apple will end up just like every other tech company sellout. So yes I agree, Threema could be the answer here, in the long-run that is. P.S.- It's unfortunate that Threema doesn't get enough coverage or attention.
  • I understand that in the German-speaking part of Europe, Threema is quite popular, and I assume it gets a lot of media coverage there. So maybe other blogs will catch up.
  • I feel that there are humans out there, that will take any piece of 'news' and run with it.
    This is making a mountain out of a molehill. The same argument about placing data online. Unless you're encrypting it or something like that, someone, anyone, can get to it. We rely on online companies looking after our data, however, if anyone breached that online company security, there is nothing we can do about it (unless we had a personal layer of encryption on that data). Bottom line is, as humans, we need to stop making a mountain out of a molehill. And we should all use our devices and gadgets responsibly.
  • True, any company can potentially look at your data, which is why for me anyway, the term 'privacy, still says with me. compared to say another companies and still say "yes, but its still private since We do not share it" Nope... privacy stays with me and if u put it online, or give it to a company u just gave up that information.. This is why i am cautious at faking almost everything... even law type issues,
  • I think if you are worried about the being tracked, you should probably use the Signal Messenger App or carrier pigeon. It's almost impossible to have a conversation electronically where the meta data isn't in plain text or stored.
  • meta data alone does noting on its own and i accept that... you cannot avoid that.. But if its linked to anything else that same company, or third party companies if shared, then it can mean allot. This, i do have an issue with, which is which i choose to only provide info directly to companies i use only,. I don't use iMessage anyway, but just generally pointing out . Apple can say something, but mean another... Just something to bear in mind. Yes, Apple has all this transparency reporting etc.. and that's all fine, if u wanna believe all that, but my privacy stays with me only, and the only way will be if I choose to give it up. directly to one company only.
  • Hello...I will be a first time Iphone I am confused which one should i get 6S plus or 7?..PLease anyone help!