Apple is a company that prides itself on privacy. Cupertino promises users that their iMessage conversations are safe and encrypted — but a new report might enlighten users as to exactly what data is protected.
An iMessage thread leaves behind a hidden wealth of information, including phone numbers, time, date, frequency of contact, and some basic location information — all of which Apple logs and stores on its servers. And while much of this data might seem safe, Apple could potentially share this information with police if compelled by court order, according to a document obtained by The Intercept.
When you’re first inputting a phone number into Messages, the app contacts Cupertino’s server to determine whether a message should go through SMS — indicated by green text bubbles — or over Apple’s own secure messaging server — represented by blue text bubbles in Messages. The company then records each instance of this contact to deduce who is or isn’t in the iMessage system, Engadget reported.
But this log also includes the date and time when you entered that phone number, as well as your IP address — which could potentially be used to determine your location. So while the actual content of your Messages will remain private, there’s still a lot of metadata that investigators could potentially access by court order. Apple told The Intercept that it complies with subpoenas and legal requests for these logs.
Apple reportedly only keeps these logs for 30 days, but The Intercept points out that legal actions of this type could be extended in additional 30-day periods — meaning that authorities could potentially string together lists of numbers that you’ve been entering into your Messages or Contacts app.
It’s worth noting that phone companies routinely hand over this data to investigators — and the court orders required aren’t particularly hard to obtain. Another thing to consider is that Apple does note that this type of metadata “is not an indication that a communication actually took place….only that a query was initiated,” according to the documents. Meaning that authorities couldn’t prove that you actually communicated with someone, only that you entered their phone number into the app.
This new report doesn’t undermine Apple’s commitment to security, but it’s a good reminder as to which information Apple can actually protect. So while Cupertino championed privacy rights when it resisted FBI requests for backdoor access to its devices earlier this year — followed by the introduction of a better encrypted file system — the company can’t keep law enforcement from knowing who, when and potentially where you text, Engadget reported.