Vladimir Katalov, CEO of Elcomsoft, told Sputnik that users are essentially left unaware of this feature because there’s no notification that call logs can actually be synched with iCloud. He also remarked that it’s hard to say exactly how legal this particular feature is in terms of privacy issues.
"To be honest, I haven’t read Apple’s privacy agreement completely – it is a very large document, about twenty pages or so. Of course it does mention that some of your information can be stored to iCloud. But there’s other document that shows and describes in detail what information stored in the iCloud can be shared by Apple with the law enforcement, by the legal request of course; and there’s no single mention of the call log synching there. Apple only says that they can provide law enforcement with iCloud backups, the information stored in the iCloud backups and some other data stored in the iCloud, but nothing about the calls," he said.
Katalov pointed out that such information could be of great interest to law enforcement agencies and that there are basically two ways for them to access that data.
"Law enforcement people can contact people directly and get all the information stored there; it is encrypted of course, but the thing is, everything stored in Apple’s iCloud (well, almost everything) is encrypted in the way that the encryption keys are stored along with the data, so there’s no problem for Apple to decrypt everything and provide the plain-text information. And the other way of course is to use the software like ours to get access to the information stored in iCloud, but in that case of course you will need iCloud credentials such as the Apple ID and password or the authentication token," Katalov explained.
He added that there are also two ways for iPhone users to protect their information, but each of these methods has its own drawbacks.
"The simplest, but probably not the most effective one is to disable iCloud completely; if you can't do that then at least enable th two-factor authentication for your account to make it harder for hackers to get at your information. But still, you have to know that law enforcement can access your information stored there regardless of whether the two-factor authentication is enabled or not," he surmised.