The Intercept reported via a digital forensics firm that iPhones with iCloud enabled send user’s call history to Apple servers:
Russian digital forensics firm Elcomsoft has found that Apple’s mobile devices automatically send a user’s call history to the company’s servers if iCloud is enabled — but the data gets uploaded in many instances without user choice or notification.
“You only need to have iCloud itself enabled” for the data to be sent, said Vladimir Katalov, CEO of Elcomsoft.
This can be justified. Apple do a number of things with your phone call: they allow you to answer calls on any of your devices, they allow third parties to make VoIP calls that look and feel like normal phone calls, for instance. Apple’s response:
“We offer call history syncing as a convenience to our customers so that they can return calls from any of their devices,” an Apple spokesperson said in an email. “Device data is encrypted with a user’s passcode, and access to iCloud data including backups requires the user’s Apple ID and password. Apple recommends all customers select strong passwords and use two-factor authentication.”
It is still technically accessible to law enforcement via a subpoena, but granted, I believe this is true anyway given that carriers would happily provide call logs too. The mistake Apple made here is not in the actual behavior of the phone, but in the disclosure to users. This should have been made clear to the user, or at least found in their famously long agreements.