iMessage is supposed to be a private way of chatting with friends and colleagues, but a report from The Intercept this morning points out one glaring flaw: though Apple doesn’t know what your messages say, it does get to see who you might be talking to.
When you try to contact someone through Apple’s Messages app, the app automatically pings Apple’s servers to see if that person has an iMessage account. When that happens, Apple gets to see who you’re trying to contact, whether they have an iMessage account or not.
"In some cases, we are able to provide data from server logs."
In addition to logging contact information, The Intercept reports that Apple records the date and time the request was made, as well as the IP address the request came from, which could provide information on your location.
These logs are saved for 30 days, at which point the information is deleted. But Messages and other built-in iOS apps occasionally check back in with Apple's servers, generating new logs on who's contacting who. Check-ins don't happen every time a message is sent, but The Verge understands that they do occur on a regular basis.
Apple may hand over any of this available information to law enforcement when presented with a court order. In fact, The Intercept’s info comes from a Florida law enforcement agency, which created a briefing sheet on the info Apple is capable of handing over.
Though the logs only show contacts who have been entered into a phone — they don’t show the contents of messages, or even if a contact has ever been messaged — it’s obvious how this information can still be revealing. Law enforcement essentially has the ability to acquire a list of any person or business that an iPhone user has recently considered contacting.
In a statement first given to The Intercept, Apple said that it provides these details when presented with a "valid" subpoena or court order. "In some cases, we are able to provide data from server logs that are generated from customers accessing certain apps on their devices," the company says. "We work closely with law enforcement to help them understand what we can provide and make clear these query logs don’t contain the contents of conversations or prove that any communication actually took place."