Your iPhone is silently uploading your metadata to Apple’s iCloud servers

Photo: Justin Sullivan/Getty Images.

If you’re an iPhone user, Apple secretly uploads a record of who you telephoned, when you called and how long you spoke, a researcher has found.

Apple sends these call logs to its servers with no way for a user to disable this function unless you disconnect from the cloud, said Elcomsoft researcher Oleg Afonin on the company blog.

“We discovered that yet another piece of data is stored in the cloud for no apparent reason,” he wrote. “Using an iPhone and have an active iCloud account? Your calls will sync with iCloud whether you want it or not.”

Afonin said that this seems to defeat the whole purpose of Apple’s tough resistance against government requests for data from iPhones.

“The ability to extract call logs from the cloud instead of having to deal with the tough hardware protection of today’s iPhones can be a blessing for forensic examiners.”

Metadata upload is active on iOS 9 and 10, with switching off iCloud Drive the only way to disable the feature — a method unacceptable for many users as many apps and iOS itself relies on iCloud Drive for full functionality.

Business Insider has contacted Apple for comment.

The security researcher praised the strength of Apple’s security on individual iPhones, but sending such data to the more vulnerable cloud seems to be a leg-up for authorities keen to get their hands on the data of individuals.

“Indeed, the security model of recent iPhones is exemplary. They are extremely difficult to break in on a physical level,” Afonin said. “[But] what seems to be a hassle for some frustrated iPhone users is a real blessing for law enforcement.”

The Australian government has in recent years faced controversy for its collection of metadata, with proponents arguing its importance in national security and crime-fighting while opponents cite privacy concerns.

Telecommunications companies started collecting metadata last October for an initial two-year term, with 61 government agencies requesting access to the information.