Apple Retains iMessage Metadata, Including IP Addresses – Doesn’t Intercept Your Conversations


Following Allo's failed privacy promises, security experts have discovered that Apple hasn't been providing its promised privacy features with iMessage either. Apple promises that your iMessage conversations are safe and are limited to your own access. New research discovers that the premier messaging service does leave some breadcrumbs that can be accessed by law enforcement and others.

The Cupertino tech giant won all hearts with its battle with the FBI over user privacy. The San Bernardino case became one of the most talked-about cases of the year as the FBI tried to use it to force tech companies into handing over data and creating security vulnerabilities in their own products. Apple stayed firm on its position of protecting user privacy over law enforcement's incessant and often ridiculous demands of weakening user security, and came out as a determined privacy advocate.

Apple logs your iMessage contacts

The company promises that its iMessage service, like Telegram and WhatsApp, is free from government snooping, as the company doesn't store anything on its own servers. A latest report by The Intercept reveals that if compelled by a court order, Apple can reveal details about a user's iMessage contacts and IP addresses.

It's not surprising that Apple has to store some metadata in its own servers in order to verify whether the recipient uses iMessage or not. While this data could be used by the state agencies, what is worrying is Apple retaining the IP addresses. For a company that has remained outspoken about user privacy, this goes against its own fight over user privacy. Apple has previously claimed that the company doesn't "store data related to customers' location." However, this data could very well be used to track iMessage users despite them believing that they are using a service that touts end-to-end encryption as its primary feature.

Conversations which take place over iMessage and FaceTime are protected by end-to-end encryption so no one but the sender and receiver can see or read them. Apple cannot decrypt that data. Similarly, we do not store data related to customers’ location, Map searches or Siri requests in any identifiable form. - Apple in 2013

The company doesn't have access to the actual conversations. But this metadata can be used by sophisticated threat actors (or government agencies) to piece together information. Apple confirmed to The Intercept that these logs are only stored for 30 days. However, as the publication has pointed out, "court orders of this kind can typically be extended in an additional 30-day periods, meaning a series of monthlong log snapshots from Apple could be strung together by police to create a longer list of whose numbers someone has been entering."

When law enforcement presents us with a valid subpoena or court order, we provide the requested information if it is in our possession. Because iMessage is encrypted end-to-end, we do not have access to the contents of those communications. In some cases, we are able to provide data from server logs that are generated from customers accessing certain apps on their devices. We work closely with law enforcement to help them understand what we can provide and make clear these query logs don’t contain the contents of conversations or prove that any communication actually took place. - Apple's response.

It is a routine practice for communication agencies like phone companies to hand over customer metadata to law enforcement. But iMessage is considered as a relatively secure alternative to texting. Making it possible for LEAs to track iMessage users goes against the promises that Apple has made to its users. While we do need more technology companies to start vocally advocating user privacy and security, tech leaders also need to be more open about the technical details that are kept hidden under the cloaks and may reveal potentially risky information about users.

- These details come from a document "iMessage FAQ for Law Enforcement," part of a much larger cache originating from a state police agency, "The Florida Department of Law Enforcement's Electronic Surveillance Support Team."

Source & Image