For the most part, iPhones are pretty secure. iMessages are encrypted end-to-end and Apple can't read them.
A new report from The Intercept, however, claims your iPhone's call history is being "secretly" sent to Apple and saved to iCloud for up to four months.
It's a mighty scary-sounding report, but there's really nothing to worry about. Here's why.
SEE ALSO:Apple's iMessage system leaves one bit of data open to authorities
First, let's break down the report.
According to research from Russian digital forensics company ElcomSoft, "calls made and received on an iOS device, complete with phone numbers, dates and times, and duration" and "missed and bypassed calls" are uploaded to iCloud and stored for up to four months.
A nefarious person would need the Apple ID and password of the person's iCloud account.
History logs and information for FaceTime audio and video calls, as well as third-party VoIP apps such as WhatsApp and Viber that connect and show up like native iPhone calls and video calls on devices running iOS 10, are also synced to iCloud, according to the company.
An update to the company's Phone Breaker software, released today (what a coincidence!), "adds the ability to download iPhone call logs that are synced with iCloud, enabling near real-time access to synced call logs. In addition to call logs, the updated cloud extraction tool will also download synced contacts."
With access to its tool, hackers and law enforcement such as the FBI, which has used third-party software from firms like Cellebrite to access data locked up on phones, could potentiallygain access to all of the aforementioned information.
But there's a big caveat to that: A nefarious person would need the Apple ID and password of the person's iCloud account they're trying to access the call history of, which -- barring a phishing attack -- is not going to be easy unless you're openly telling people your account details.
Mashable Light SpeedWant more out-of-this world tech, space and science stories?Sign up for Mashable's weekly Light Speed newsletter.By signing up you agree to our Terms of Use and Privacy Policy.Thanks for signing up!
And contrary to the report, Apple considers the call history uploads a feature necessary for cross-device functionality -- not because it's interested in spying on its users. (If Apple's very public fight with the FBI earlier this year against creating a backdoor to unlock the San Bernardino shooter's iPhone didn't convince you where Apple stands on privacy, nothing will.)
Mashable contacted Apple regarding the call-history logging and received the following statement:
"We offer call history syncing as a convenience to our customers so that they can return calls from any of their devices. Apple is deeply committed to safeguarding our customers' data. That's why we give our customers the ability to keep their data private. Device data is encrypted with a user's passcode, and access to iCloud data including backups requires the user’s Apple ID and password. Apple recommends all customers select strong passwords and use two-factor authentication."
The Interceptstates the situation is more troubling given the fact that most people don't know their call history is being stored in iCloud.
That may be true, but Apple's never hidden the fact.
In Apple's iOS Security Guide, the company explicitly lists on page 44 under the "iCloud Backup" that call history is one of the things that are backed up to iCloud. Also: "Files are backed up to iCloud in their original, encrypted state."
Most people don't know their call history is being stored in iCloud. That may be true, but Apple's never hidden the fact.
Besides letting users return calls from other devices, there's another simple reason Apple's backing iPhone call histories to iCloud: restoring.
When you back up an iPhone to iCloud you're backing up all of its data -- photos, videos, notes, contacts, messages, and, yes, call history -- so if you dodecide to restore, all of it's there again, exactly as it was before. Without backing up call history, you'd lose it all, and that's a convenience Apple thinks people don't want to lose.
Currently, the only way to prevent iCloud from logging your call history is to disable iCloud Drive altogether. Additionally, you can also delete each call entry individually from your device, and it'll then delete itself from iCloud on the next backup.
But even if you disable iCloud Drive to stop backing up your call logs, it's not like wireless carriers don't already have access to that information already (at least for calls over the cellular network, as opposed to calls through apps). And if subpoenaed, they'd be just as liable as Apple would be to provide that information to a court.
Though it's possible Apple could be more transparent on the uploading of call history and maybe build in an opt-out option in future versions of iOS, Mashable chief correspondent Lance Ulanoff said it best when it was reported that limited iMessage contact information was logged with Apple:
"We are all leaving a trail of information across all of our digital devices and on various servers around the world. It will likely be sometime before everything, everywhere is encrypted and beyond the reach of authorities."
So, no, there's no need to freak out over this report of your call logs being "secretly" sent to Apple, so long as you keep your Apple ID to yourself and use a very strong password that isn't 123456.