Earlier this year, Apple made a big deal about not unlocking a criminal's iPhone and it also claims that its iMessage service is free from government snooping. However, a report has revealed that, if requested, the company could reveal details about a user's iMessage contacts to authorities.
A report by The Intercept, based on a legal compliance document, has revealed that Apple can share details such as IP addresses and phone numbers of the user's contacts, or any other number that the user might have entered in the iMessage or Contacts applications.
Each iOS device pings back certain metadata to Apple's servers in order to verify whether the other party uses iMessage for communication or not. This data is preserved on the servers and could be shared with government agencies if a court order is issued. Even though iMessage itself provides end-to-end encryption, this metadata could be used to track down users.
Apple has issued a statement in response to The Intercept's report, which is as follows:
When law enforcement presents us with a valid subpoena or court order, we provide the requested information if it is in our possession. Because iMessage is encrypted end-to-end, we do not have access to the contents of those communications.In some cases, we are able to provide data from server logs that are generated from customers accessing certain apps on their devices. We work closely with law enforcement to help them understand what we can provide and make clear these query logs don’t contain the contents of conversations or prove that any communication actually took place.
It is common practice for software companies to comply with legal requests, and sharing server logs is perhaps not quite such a big deal compared to unlocking an encrypted iPhone, which Apple refused to do earlier this year. However, it is still a matter of concern that the company stores such information that can be used to identify individuals and their relationships with others, and that this metadata may still be shared with authorities.