iMessage security risk

Discussion in 'iOS 6' started by akouris, Nov 13, 2012.

  1. akouris macrumors newbie

    Joined:
    Nov 13, 2012
    #1
    Is anyone concerned by the fact that Apple seems to keep all iMessage chat history archived on their servers, for an indefinite amount of time?

    I recently realized that Apple will keep copies of messages sent weeks earlier and will try to "sync" them to a device that has been registered in the past as an iMessage device, and you have just turned on.

    Example:
    On my Apple ID I have an iPhone, iPad, two iMacs, and a MacbookAir.

    All devices are registered for iMessage use, under the same Apple ID.

    For the past few months I rarely use MacbookAir because iPad has become my primary mobile computing device.

    Yesterday I turned on my MacBookAir after several weeks of inactivity. As soon as I logged in, iMessage started "downloading" conversations that have ended and have been deleted from all my other devices, many weeks ago.

    So my questions are:cool::
    1. Why does Apple keep a copy of all the iMessage conversations for an indefinite amount of time?
    2. Why is this not mentioned anywhere?
    3. Why does not Apple give you the option to delete all that archived history of iMessages from their servers?

    Wouldn't it be more logical that Apple tries to sync messages for a specific amount of time (as the SMS protocol does), and if after that period the message is not delivered, it should be deleted from their servers?
     
  2. dontpannic macrumors 6502

    dontpannic

    Joined:
    May 16, 2011
    Location:
    Orpington, Kent, UK
    #2
    No, I'm not. In fact I think it works exactly how I want it to work. If I turn on a device and want to look back at a message conversation, I don't want to have to remember which device I had on when I was sending those messages. I'd much prefer all the messages to appear everywhere.

    Is it a security risk? Someone would have to log in to YOUR iMessage account in order to sync those messages. When you do log on to an iMessage account on a new device, old messages aren't synced.

    They're not accessible by anyone else - they're encrypted. Not even Apple can see them. In fact, its much more secure than the SMS protocol.
     
  3. Blipp macrumors 6502

    Joined:
    Mar 14, 2011
    #3
    I guess I'm surprised by your surprise. This was the exact behavior I was expecting and value about iMessage. Maybe it makes me a push over or even a tinfoil hatter but I long ago accepted that all of my digital communication was being recorded somewhere by someone with or without my consent. I might as well get some use out of it all I guess...
     
  4. CB1234 macrumors 6502a

    CB1234

    Joined:
    Sep 20, 2012
    Location:
    Dubai, UAE
    #4
    Why only iMessage a security risk?

    I am sure phone calls we make, emails we send, every bit of information across the web is somehow monitored by someone somewhere.....

    It's only a risk, if your messages are out in general domain for everyone to see OR if you are a terrorist planning something major and you are worried someone will cotton on.....
     
  5. akouris thread starter macrumors newbie

    Joined:
    Nov 13, 2012
    #5
    I am surprised that you do not consider a risk or a privacy concern the fact that Apple stores all your iMessage conversations for an indefinite amount of time.

    Since I do not live in the US, it concerns me that a US based company is keeping a record of all my conversations, without actually notifying me or giving me the option to delete those conversations.

    Do they ever delete these conversations, even after they deliver them to my devices? You don't know, but it seems that they actually do.

    Let me point that this was the reason why Blackberry service was prohibited from operating in many countries around the world; local authorities felt that there was a security and privacy concern when their citizen's messages were routed and stored in another country, beyond their legislation.
     
  6. Daveoc64 macrumors 601

    Joined:
    Jan 16, 2008
    Location:
    Bristol, UK
    #6
    The major problem with iMessage is that it has few options to configure it.

    If you're worried about Apple storing your messages (I can understand that), I suggest that you just turn it off.
     
  7. Small White Car macrumors G4

    Small White Car

    Joined:
    Aug 29, 2006
    Location:
    Washington DC
    #7
    And google keeps your email. And dropbox has your files. And AT&T knows who you called and how long you spoke to them and what you texted them.

    If this stuff bothers you (and it's fine if it does) then I'm kind of surprised you have an iPhone at all. What's the point in owning a device like this if you're not going to use any online services? There are cheaper devices if all you want to do is watch videos.
     
  8. mrapplegate macrumors 68030

    Joined:
    Feb 26, 2011
    Location:
    Cincinnati, OH
    #8
    I believe countries such as India and Saudi Arabia were upset Blackberry did not hand over encryption keys to the countries, not that they were worried about messages being routed elsewhere. I could be wrong though.
    Also where does Apple say it stores the messages indefinitely? Do you have a link to their policy?
     
  9. MonkeySee.... macrumors 68040

    MonkeySee....

    Joined:
    Sep 24, 2010
    Location:
    UK
    #9
    All you messages are stored somewhere whether you like it or not. Just ask the police :)
     
  10. akouris thread starter macrumors newbie

    Joined:
    Nov 13, 2012
    #10
    You expect Google to keep your mails, because you actually see them everytime you log into their service. They do give you the option to delete everything, including your profile/identity, and they go to great lengths to ensure that this is done.

    Would you feel "ok" if you realized that since you have been using AT&T's network to speak, they have actually stored all your voice conversations (without ever telling you that) and they will be keeping them stored for an indefinite amount of time?
     
  11. dontpannic macrumors 6502

    dontpannic

    Joined:
    May 16, 2011
    Location:
    Orpington, Kent, UK
    #11
    Jesus. Tin foil hat brigade or what! I live in the UK and I couldn't care less where my messages are stored. If ever anyone were to look at them they'd just see banter between mates and when and where I'm picking someone up from.

    Unless you're plotting a terrorist attack then I wouldn't worry!
     
  12. akouris thread starter macrumors newbie

    Joined:
    Nov 13, 2012
    #12
    Apple does not appear to have a specific policy regarding iMessage - and that is the main concern.
     
  13. Small White Car macrumors G4

    Small White Car

    Joined:
    Aug 29, 2006
    Location:
    Washington DC
    #13
    Honestly I somewhat expect that this could be happening already. I also don't really believe Gmail can be totally erased.

    It's funny that people are calling you a tin-foil hat wearer when it seems that you trust all these companies far MORE than I do.
     
  14. mrapplegate macrumors 68030

    Joined:
    Feb 26, 2011
    Location:
    Cincinnati, OH
    #14
    They might have a policy. Better yet, ask them.
     
  15. akouris thread starter macrumors newbie

    Joined:
    Nov 13, 2012
    #15
    The issue is not what you somewhat expect, but what is legally or illegally happening, and whether the company that offers you the service notifies you about it.

    I am pretty sure that most people using iMessage expect that they have the same privacy level as they do when they use the antiquated SMS (or better), when that apparently is not true.
     
  16. mrapplegate macrumors 68030

    Joined:
    Feb 26, 2011
    Location:
    Cincinnati, OH
    #16
    Who expects privacy using SMS? Any official with a warrant from a judge can compel a phone company to release SMS messages. There is no such thing as privacy these days.
     
  17. aristobrat macrumors G4

    Joined:
    Oct 14, 2005
    #17
    Here's a link where you can ask Apple directly:
    http://www.apple.com/privacy/contact/

    Let us know what they say.

    ----------

    But to answer your question, when you start up your iOS device for the first time, you have to click the button that says you agree to the Terms of Service.

    This is what the Terms of Service you agreed to says about iMessage.

    http://images.apple.com/legal/sla/docs/iOS6.pdf
     
  18. Rigby macrumors 601

    Joined:
    Aug 5, 2008
    Location:
    San Jose, CA
    #18
    Well, some countries (especially in Europe) have far stricter privacy and data retention laws than the US. In Germany, for example, telecom operators are not allowed to store communication data longer than necessary for operational reasons (e.g. for billing purposes). I think there are good reasons to be concerned about Apple's privacy policies, especially considering that not just the government, but also hackers could get access to your information (remember the Honan hack?).
     
  19. mrapplegate macrumors 68030

    Joined:
    Feb 26, 2011
    Location:
    Cincinnati, OH
    #19
    I don't claim to understand privacy policies in other countries. I was making a general claim that these days there is not much privacy. Most governments can request access to data and get it with court approval or maybe with no court approval. Even with strict policy, who defines what operational reasons are, 30 days then data is deleted?
    I compare SMS, iMessage and email to a post card. If you don't want people to read it or force a company to reveal it, encrypt it using PGP or something else.
     
  20. ggmissmolly macrumors regular

    Joined:
    Sep 20, 2011
    Location:
    Lexington, KY
    #20
    Who are you, David Patraeus? All of your e-mails, web sites, and third party storage files are saved by somebody. Where have you been? Use the regular mail and then hope the receiver doesn't retain you letters for future blackmail. There never was any privacy. Get over it. As long as you are just an ant in the hill nobody cares.
     
  21. scaredpoet, Nov 14, 2012
    Last edited: Nov 14, 2012

    scaredpoet macrumors 604

    scaredpoet

    Joined:
    Apr 6, 2007
    #21
    You have not established this as fact. You have conjecture based on observation, but no actual proof that messages are held indefinitely.

    How do we know, for instance, that Apple isn't just polling data from your other iDevices and using the messages stored there to re-sync your dis-used MacBook Air? Apple might not be storing ANY messages. It could well be just using the messages YOU have stored yourself to populate the other devices sharing the same account.

    Your concerns are very easily allayed:

    [​IMG]


    You grossly misinterpret the motives of those local authorities. The "privacy and security" of their citizens played no part in those prohibitions, at all. Their concerns were not altruistic, that their poor, poor citizens could have their privacy violated by this evil foreign corporation. Quite the contrary: having messages encrypted and routed on servers outside of their legal jurisdiction meant it was harder for them to gain access to and read those messages for themselves. The fact that RIM capitulated in many instances by establishing servers in those countries has actually made BBM less secure, as those local authorities you hold in such high esteem now hold the keys to decrypt and eavesdrop on any traffic that passes through those locally-hosted servers.

    When one wears a tinfoil hat, it's amazing how many holes they're willing to poke into it, and point those holes in all the wrong places.
     
  22. stoneland macrumors member

    Joined:
    Nov 4, 2012
    #22
    Agree...pretty much everything is logged in some way, shape, or form. That's just the way things are going.
     
  23. Rigby macrumors 601

    Joined:
    Aug 5, 2008
    Location:
    San Jose, CA
    #23
    AT&T does not store the content of your text messages:

    http://www.wired.com/threatlevel/2011/09/cellular-customer-data/

    They do keep records of who, when and from where you text or call for several years though (which would be illegal in most EU countries).
    Using online services doesn't mean we have to give up our privacy. These things can be regulated.
     
  24. Jare macrumors 65816

    Jare

    Joined:
    Jun 17, 2010
    Location:
    Canada
    #24
    How about you stop sending naughty / embarrassing iMessages. If you're not doing that, what the **** are you worried about? Who cares if they store it. Oh no, Apple knows you texted Bob at 4:19pm "I'm hungry". TINFOIL HAT!
     
  25. Small White Car macrumors G4

    Small White Car

    Joined:
    Aug 29, 2006
    Location:
    Washington DC
    #25
    Once I got a text message from someone 24 hours after they sent it. So for 24 hours that data was living in AT&T's computers.

    So they say it's not saved at all and I say it can stay on their servers at least a day, apparently. So now that we know the statement isn't true who's to say where the truth really lies? 2 days? 3? A week? A month?

    No way to know, unfortunately, since we know that what they're telling you is a lie.
     

Share This Page