Apple has a hidden feature in iPhones in which call logs going back as far as four months are stored in near real-time in the iCloud, claims Elcomsoft, a Russian provider of iPhone hacking tools. Elcomsoft, claims the feature is automatic and there’s no way to turn it off bar shutting down iCloud Drive altogether, according to Forbes.
It’s known that iCloud backups store call logs, contacts and other data. However, users should be concerned their communications records are consistently being sent to Apple servers without explicit permission, said Elcomsoft CEO Vladimir Katalov. Even if those backups are disabled, he added, the call logs continue making their way to the iCloud, Katalov said.
“Syncing call logs happens almost in real time, though sometimes only in a few hours,” he said. “But all you need to have is just iCloud Drive enabled, and there is no way to turn that syncing off, apart from just disabling iCloud Drive completely. In that case many applications will stop working or lose iCloud-related features completely.”
FaceTime, which is used to make audio and video calls on iOS devices, also syncs call history to iCloud automatically, according to Elcomsoft. The company believes syncing of both regular calls and FaceTime call logs goes back to at least iOS 8.2, which Apple released in March 2015.
Beginning with Apple’s latest operating system, iOS 10, incoming missed calls that are made through third-party VoIP applications like Skype, WhatsApp, and Viber, and that use Apple CallKit to make the calls, also get logged to the cloud, Katalov said.
In a statement to AppleInsider, an Apple spokesman had this to say: “"We offer call history syncing as a convenience to our customers so that they can return calls from any of their devices. Apple is deeply committed to safeguarding our customers' data. That's why we give our customers the ability to keep their data private. Device data is encrypted with a user's passcode, and access to iCloud data including backups requires the user's Apple ID and password. Apple recommends all customers select strong passwords and use two-factor authentication.”