Why Apple logs your iMessage contacts and other metadata?

Pierluigi Paganini September 29, 2016

Every time you type a number to start an iMessage conversation on your iPhone, Apple logs your message contacts and other metadata.

In January 2015, experts claimed that Apple is not able to read messages sent between devices through iMessages, but reported that the company but it is still able to access data in the backups.

Apple has always confirmed that attackers cannot eavesdrop iMessage conversations, but according to a document obtained by The Intercept there is something that user should know.

According to the document, Apple logs contacts’ phone numbers and shares them, alongside with other metadata, with law enforcement.

The Intercept received the document, titled “iMessage FAQ for Law Enforcement,” as part of a cache originating from within the Florida Department of Law Enforcement’s Electronic Surveillance Support Team. The author of the document is not known, such as the final audience, it is designated for “Law Enforcement Sources” and “For Official Use Only.”

When Apple users type a number to start a text conversation, the Messages app contacts the company servers to determine whether to route a given message over the SMS system or over the Apple’s proprietary messaging network.

“Every time you type a number into your iPhone for a text conversation, the Messages app contacts Apple servers to determine whether to route a given message over the ubiquitous SMS system, represented in the app by those déclassé green text bubbles, or over Apple’s proprietary and more secure messaging network, represented by pleasant blue bubbles, according to the document.” states The Intercept website. “Apple records each query in which your phone calls home to see who’s in the iMessage system and who’s not.”


The log includes the date and time of the conversation and the user’s IP address, information that could allow identifying the user’s location. The IT giant is compelled to turn over this data via court orders for systems known as “pen registers” or “trap and trace devices.”

Apple told to The Intercept that it only retains these logs for a period of 30 days, but court orders can extend the period of additional 30-day periods.


Below the official statement from Apple:

“When law enforcement presents us with a valid subpoena or court order, we provide the requested information if it is in our possession. Because iMessage is encrypted end-to-end, we do not have access to the contents of those communications. In some cases, we are able to provide data from server logs that are generated from customers accessing certain apps on their devices. We work closely with law enforcement to help them understand what we can provide and make clear these query logs don’t contain the contents of conversations or prove that any communication actually took place.”

As explained in the document, and confirmed by Apple, the company is not able to access the content of the conversation, but why the company retails these logs?

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – iMessage, privacy)

you might also like

leave a comment