Apple logs your iMessage contacts and could share them with police

Apple’s iMessage had a few security holes in March and April that potentially leaked photos and contacts, respectively. Though quickly patched, they are a reminder that the company faces a never-ending arms race to shore up its security to keep malicious hackers and government agencies out. But that doesn’t mean they will always be able to keep it private. A report from The Intercept states that iMessage conversation metadata gets logged in Apple’s servers, which the company could be compelled to turn over to law enforcement by court order. While the content of those messages remains encrypted and out of the police’s hands, these records list time, date, frequency of contact and limited location information.

When an iOS user types in a phone number to begin a text conversation, their device pings servers to determine whether the new contact uses iMessage. If not, texts are sent over SMS and appear in green bubbles, while Apple’s proprietary data messages appear in blue ones. Allegedly, they log all of these unseen network requests.

But those also include time and date stamps along with the user’s IP address, identifying your location to some degree, according to The Intercept. Like the phone logs of yore, investigators could legally request these records and Apple would be obliged to comply. While the company insisted that iMessage was end-to-end encrypted in 2013, securing user messages even if law enforcement got access, Apple said nothing about metadata.

Apple confirmed to The Intercept that it does comply with subpoenas and other legal requests for these exact logs, but maintained that message content is still kept private. Their commitment to user security isn’t really undermined by these illuminations phone companies have been giving this information to law enforcement for decades but it does illustrate what they can and cannot protect. While they resisted FBI requests for backdoor iPhone access earlier this year and then introduced a wholly redesigned file system with a built-in unified encryption method on every device, they can’t keep authorities from knowing when and where you text people.

Source: The Intercept

Engadget RSS Feed

Google stores ‘transient’ Allo messages until you delete them

Back when Google first announced its brand-new chat app Allo, the company told The Verge it would only store messages “transiently,” not indefinitely. But since May, when the app was first announced at Google I/O, things have changed a bit in that regard. A Google spokesperson confirmed that messages are now stored on Google’s end as long as that chat history is available on your personal device. But once you choose to delete the history, it’s also deleted on Google’s end — so users do have control over just how long their messages persist for.

Google told me that it made this change after the company pushed the app out to wide testing around the company; it found that the experience was better when it saved chat history for longer. That history helps Google with things like the app’s auto-reply features, which work better the more data is available for Google to analyze.

For the end user, this means that your messages are stored on Google’s servers, in the same fashion that Hangouts messages and emails from your Gmail account are. The messages are still encrypted between your phone and Google’s servers, and they’re stored using encryption that Google can open up so it’s accessible to their machine learning processes.

If both you and the other participant in your conversation choose to delete a conversation, though, the messages will be removed from Google’s servers. And if you want extra privacy, you can use Allo’s incognito mode, though you won’t get the benefit of the Google Assistant that sets the app apart from other options. Deleting the app itself from my iPhone also deleted all the content of the conversations I was having — but again, if my friends didn’t delete those chats, they’re still out there on Google’s servers.

For most users, this probably won’t be a deal-breaker — it’s not really any different than how most of Google’s many other communication products behave. But there’s also no doubt that there’s been increased attention given to the privacy and security of your online communications. If that’s a concern to you, Allo might not be the best option for you.

Via: The Verge

Engadget RSS Feed