Apple is saving iMessage conversation metadata, report claims
Tech giant accused of collecting data that it could share with law enforcement agencies
Apple is saving metadata from its iMessage app that it could share with law enforcement agencies, a new report has claimed.
Apple's servers allegedly log iMessage conversation metadata, according to documents obtained by The Intercept, including the time and date on which messages are sent, frequency of contact and IP address, and could be used to establish limited location information.
The obtained documents originate from a state police agency that facilitates data collection using controversial tools, and also suggested that Apple maintains a log of phone numbers entered into Messages and potentially elsewhere on an Apple device, such as the Contacts app.
The collection of this metadata is down to the way Apple logs users and non-users of its Messages system, from contacts who chat via iMessage and those that do via SMS. To understand the difference between the two and route the message, Apple automatically checks numbers entered into an iOS device with its servers to see whether it has been associated with an iTunes account, hence the metadata.
Apple has responded to the report, stating that there are times when it can hand over server logs but that the content of conversations is inaccessible.
"When law enforcement presents us with a valid subpoena or court order, we provide the requested information if it is in our possession. Because iMessage is encrypted end-to-end, we do not have access to the contents of those communications," an Apple spokesperson said in a statement.
"In some cases, we are able to provide data from server logs that are generated from customers accessing certain apps on their devices.
"We work closely with law enforcement to help them understand what we can provide and make clear that these query logs don't contain the contents of conversations or prove that any communication actually took place."
The newly obtained documents contradict a statement released by Apple in 2013, which, commenting on the NSA's PRISM surveillance programme, said the company affirmed its commitment to "customer privacy" and insisted that it does not store information related to a user's location.
"Conversations which take place over iMessage and FaceTime are protected by end-to-end encryption, so no-one but the sender and receiver can see or read them. Apple cannot decrypt that data," Apple said at the time.
"Similarly, we do not store data related to customers' location, Map searches or Siri requests in any identifiable form."
Report: The State of Software Security
This annual report explores important trends in software securityDownload now
A fast guide to finding your cloud solution
One size doesn't fit all in the cloud, so how do you find the best option for your business?Download now
Digitally perfecting the supply chain
How new technologies are being leveraged to transform the manufacturing supply chainDownload now
Small & Medium Business Trends Report
Insights from 2,000+ business owners and leaders worldwideDownload now