Wire released an update for its secure communications app that allows people to choose between two settings: having their call history sent to iCloud, where law enforcement officials could use digital forensics software to access it, or ignoring one of the marquee features Apple introduced with iOS 10.
The feature, dubbed CallKit, allows third-party apps to notify their users about phone calls right on the iPhone lock screen. These apps were previously limited to sending a push notification about incoming calls--people couldn't swipe on the display to answer a call, decline a call from the lock screen, or view any detailed information about the caller. Apple changed that with iOS 10, and it also started to back up information about those calls to iCloud.
The company already synced call information via the cloud. This can be frustrating--people who share their iCloud accounts might not want someone else to know who they've called, for example--but it was limited to calls made with the built-in Phone app. It becomes more of an issue, however, when apps that people use specifically to avoid both governmental and personal surveillance have to sacrifice security for the sake of convenience.
That's exactly what happened. Elcomsoft, a digital forensics software maker that works with law enforcement officials around the world, revealed that police can access the call logs of any iPhone user if they have access to that person's iCloud account. Here's what the company said in a blog post:
If somebody tries to download a backup created by your iPhone in your iCloud account, you will likely receive an email notification. This does not happen when somebody downloads synced call logs, which effectively allows spying upon you without you even knowing.
Elcomsoft said the only way to prevent this snooping is to disable iCloud Drive; people can also make it harder for criminal hackers to access this information with two-factor authentication. But if this information is backed up to iCloud, and government officials gain access to that account, there's no guarantee anyone will be able to stop tools like Elcomsoft's from gathering their personal data. (Or that they'll even know this spying happened.)
But there are other options. Developers can elect not to support CallKit, or at least to let their users decide if they want to prioritize their convenience or their privacy. Wire did just that with its latest update. Its users can choose to have information about calls received via the service appear on the lock screen, or they can stick with the less-convenient-but-more-secure notifications these apps had to use before iOS 10 debuted over the summer.
This shouldn't have to be a choice. Wire said in its blog post that CallKit is a "great step forward for better user experience and fewer missed calls," but that it had to allow people to disable the feature because it "knew that this was not going to be acceptable for users who’ve chosen Wire for our focus on privacy." Apple has effectively made the company--and other VoIP service providers--decide between annoying their users and keeping them safe.