Apple is saving metadata from its iMessage app that it could share with law enforcement agencies, a new report has claimed.
Apple's servers allegedly log iMessage conversation metadata, according to documents obtained by The Intercept, including the time and date on which messages are sent, frequency of contact and IP address, and could be used to establish limited location information.
The obtained documents originate from a state police agency that facilitates data collection using controversial tools, and also suggested that Apple maintains a log of phone numbers entered into Messages and potentially elsewhere on an Apple device, such as the Contacts app.
The collection of this metadata is down to the way Apple logs users and non-users of its Messages system, from contacts who chat via iMessage and those that do via SMS. To understand the difference between the two and route the message, Apple automatically checks numbers entered into an iOS device with its servers to see whether it has been associated with an iTunes account, hence the metadata.
Apple has responded to the report, stating that there are times when it can hand over server logs but that the content of conversations is inaccessible.
"When law enforcement presents us with a valid subpoena or court order, we provide the requested information if it is in our possession. Because iMessage is encrypted end-to-end, we do not have access to the contents of those communications," an Apple spokesperson said in a statement.
"In some cases, we are able to provide data from server logs that are generated from customers accessing certain apps on their devices.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
"We work closely with law enforcement to help them understand what we can provide and make clear that these query logs don't contain the contents of conversations or prove that any communication actually took place."
The newly obtained documents contradict a statement released by Apple in 2013, which, commenting on the NSA's PRISM surveillance programme, said the company affirmed its commitment to "customer privacy" and insisted that it does not store information related to a user's location.
"Conversations which take place over iMessage and FaceTime are protected by end-to-end encryption, so no-one but the sender and receiver can see or read them. Apple cannot decrypt that data," Apple said at the time.
"Similarly, we do not store data related to customers' location, Map searches or Siri requests in any identifiable form."