iMessage, but who reads? Apple logs message contacts and location

Apple may have been paying lip service when it frequently assured its customers of its commitment to privacy, including denying the FBI the ability to hack into an iPhone. Turns out Apple logs the location of iMessage and shares information with police.

For iPhone users, there’s a world of difference between a text message sent in a green bubble and another sent in a blue one. Green means that a message is sent through a standard SMS service, but blue signifies that the message has been sent through Apple’s end-to-end encrypted messaging network that has been a point of pride for the company’s privacy policy.

While the messages are indeed end-to-end encrypted, it may not be as secure as it sounds. The encryption keeps Apple from being able to actually read your messages, but that does not mean these messages aren’t leaving a trail that Apple can follow.

Documents obtained by the Intercept show that Apple records the IP address of its users every time they launch a query by trying to contact someone through Apple’s Messages app. Basically what happens is that your phone reaches Apple’s servers to see if the message can be sent through their network or if it needs to be sent via SMS.

It is not entirely clear when a query is established, but the Intercept’s Sam Biddle took it to mean that it is when a text window is opened and a phone number is selected. If that’s the case, then Apple has logged every case where an iPhone user has started to write a text message but second guessed it before sending.

However, it is not clear if that is the case or if a query is launched only after a text is actually sent.

This communication from your phone to the network is logged by Apple’s servers and held for 30 days. Their records contain the date and time of the query, the client IP, source handle (your phone), lookup handle (person you’re texting) and the number of devices being looked up that are iMessage-capable.

By recording the IP address, Apple can establish a rough idea of your location and the network to which your device is connecting. In addition, while Apple can’t read the content of messages, they do effectively have a list of everyone you’ve contacted in the past 30 days.

This is a direct contradiction to the 2013 press release from Apple that claimed, “we do not store data related to customers’ location.” In addition, it means that Apple can provide very useful information to law enforcement if provided a subpoena.

Apple has not addressed the majority of the issues raised by this, but in a statement said, “When law enforcement presents us with a valid subpoena or court order, we provide the requested information if it is in our possession,” the Intercept reported.

In some cases, we are able to provide data from server logs that are generated from customers accessing certain apps on their devices. We work closely with law enforcement to help them understand what we can provide and make clear these query logs don’t contain the contents of conversations or prove that any communication actually took place,” the statement concluded.

That does not answer attorney Andrew Crocker of the Electronic Frontier Foundation’s questions, which include, “How often are lookups performed? Does opening [an iMessage] thread cause a lookup? Why is Apple retaining this information?