I've setup my iPhone 7 from scratch without backup and curiously found my call log after logging into iCloud again. I was surprised but didn't think too much about it (my privacy threshold is perfectly fine with meta data being privately stored 'in the cloud') and it's not exactly hidden.
It’s not just regular call logs that get sent to Apple’s
servers. FaceTime, which is used to make audio and video calls
on iOS devices, also syncs call history to iCloud
automatically, according to Elcomsoft. The company believes
syncing of both regular calls and FaceTime call logs goes back
to at least iOS 8.2, which Apple released in March 2015.
...
Generally, if someone were to attempt to download data in an
iCloud account, the system would email a notification to the
account owner. But Katalov said no notification occurs when
someone downloads synced call logs from iCloud.
Apple acknowledged that the call logs are being synced and said
it’s intentional.
Note to media companies (and everyone else) talking about security: You have to put security elements in context to say anything reasonable
That means both: 1) Consider your audience, and 2) Do a 'risk analysis' (Meaning figure out where the security issue starts to outweigh the convenience and describe the actual impact of the issue.)
This article (and the Intercept's) are both severely damaged by a failure to do either. Without stating the contexts where this call logging is a problem, and who it is likely to affect you end up writing alarmist nonsense- especially when the audience is the general public.
12 comments
[ 2.7 ms ] story [ 39.5 ms ] threadOh, well, glad that was the first thing I did when I got an iPhone :p
I've setup my iPhone 7 from scratch without backup and curiously found my call log after logging into iCloud again. I was surprised but didn't think too much about it (my privacy threshold is perfectly fine with meta data being privately stored 'in the cloud') and it's not exactly hidden.
https://news.ycombinator.com/item?id=12977904
https://news.ycombinator.com/item?id=12977612
That means both: 1) Consider your audience, and 2) Do a 'risk analysis' (Meaning figure out where the security issue starts to outweigh the convenience and describe the actual impact of the issue.)
This article (and the Intercept's) are both severely damaged by a failure to do either. Without stating the contexts where this call logging is a problem, and who it is likely to affect you end up writing alarmist nonsense- especially when the audience is the general public.