Apple can’t tap into iMessage conversations, thanks to end-to-end encryption, but the iPhone maker does know who you message or attempt to message with.
Earlier this year, Apple entered a spat with the FBI when it refused to unlock an iPhone
that belonged to Islamic terrorist Syed Rizwan Farook, who together
with his wife Tashfeen Malik, killed 14 people in a mass shooting in San
Bernardino, California in December 2015. Apple at the time claimed that
it couldn't unlock the device and said the FBI was essentially asking
it to create a backdoor into the iPhone.
In the end, the FBI was able to unlock the device without Apple’s involvement (it was helped by an outside party which reportedly cost more than $1 million, but the spat sparked debate over the use of backdoors. Privacy advocates, security experts, and tech companies supported Apple’s decision, arguing that available encryption products would be undermined if a backdoor was included in them.
As
it turns out, Apple’s stance might have been influenced by marketing
reasons too, and not purely by its determination to protect user
privacy. When the Apple/FBI battle ended, the tech company emerged as a
determined privacy advocate, but the incident didn’t tell the entire
story. The document (below) obtained by The Intercept shows that Apple can tap into
some information regarding user’s iMessage conversations, and that it
does share these details with law enforcement when required to do.
Specifically,
while it can’t view the conversations you carry out with your iMessage
contacts, Apple does log the queries the messaging app makes to its
servers to determine whether the person you are trying to contact is
using the iMessage system or not. Based on these details, a message is
sent to the Messages or SMS app, and it appears in conversations either
as a blue or a green bubble.
Apple’s
logs record each such query and include information like your phone
number, the phone number you entered, the date and time when you entered
the number, and your IP address. Basically, this means that Apple knows
who you were trying to contact (or at least their phone number), when
you were trying to contact that person, and your approximate location at
that time based on your IP address (which could be spoofed via VPN).
Not
only does Apple log these details, but it also shares them with the
police when court orders compel it to. While Apple says that it retains
those logs for only 30 days, court orders that request such information
can typically be extended in additional 30-day periods, The Intercept
notes. These can be combined to create extensive lists of numbers
someone has been entering.
The document, reportedly titled “iMessage FAQ for Law Enforcement,”
clearly states that these logs do not offer proof that you actually
contacted a number you entered in the Message app. “The document implies
that Messages transmits these numbers to Apple when you open a new chat
window and select a contact or number with whom to communicate, but
it’s unclear exactly when these queries are triggered, and how often,”
The Intercept explains.
The
content of sent messages remains safe from intruding eyes, because
iMessage is encrypted end-to-end, but Apple admits to be sharing
requested information with the police, if that information is in its
possession. “In some cases, we are able to provide data from server logs
that are generated from customers accessing certain apps on their
devices,” Apple told The Intercept.
“We
work closely with law enforcement to help them understand what we can
provide and make clear these query logs don’t contain the contents of
conversations or prove that any communication actually took place,” an
Apple spokesperson also said.
In
the end, Apple remains true to its claim that your conversations are
private and that only you and your contacts can access them, though the
company does know who you might have been talking to. Apple might not be
willing to weaken the security of its products by including a backdoor,
but it should be more straightforward when it comes to the kind of
information it can access and subsequently share with law enforcement.
Related: WhatsApp Toughens Encryption After Apple-FBI Row
No comments:
Post a Comment