MacRumors

macrumors bot
Original poster
Apr 12, 2001
54,124
15,931



Encrypted communications app Signal received an update yesterday that enabled video calling for the first time, but the latest version also brings CallKit support to the platform, which may leave some privacy-conscious users wary.

Introduced in iOS 10, the CallKit SDK allows incoming calls from third-party VoIP apps to appear on the iOS lock screen and recent calls list, just like standard cellular IDs do. The concern among the privacy community is that their call data - including who they called and how long they spoke for - could be synced to iCloud.

Screen-Shot-4-800x466.jpg

In a blog post announcing the new beta features, Signal developers Open Whisper Systems noted that like video calling, CallKit integration is optional, and those concerned about data leakage can turn the support off in settings (Settings -> Advanced -> Use CallKit). The developers also told Wired that in the future, CallKit might only display "Signal users" in an iPhone's call log, to prevent the disclosure of identifying information.

Back in August, Russian security firm Elcomsoft discovered that iPhones automatically send a user's call history to the company's servers if iCloud is enabled, but the data gets uploaded in many instances without any user notification. The fear among privacy-minded users is that state actors could theoretically gain access to this information through cooperation with Apple, or that hackers could crack iCloud passwords and break into accounts.

More recently Elcomsoft revealed that when iPhone and iPad users permanently deleted their Safari browser history off their devices, iCloud had been storing that history for several months to over a year, before Apple reportedly fixed the issue. Concerned users are advised to turn off iCloud backups to keep their browsing history private, and be sure to check out the MacRumors Safari privacy guide for more useful information regarding browser settings on iOS devices.

Signal Private Messenger is a free download [Direct Link] for iPhone and iPad available on the App Store.

Article Link: Signal Privacy Messenger Users Advised to Turn Off CallKit Support in Latest Update
 

Sasparilla

macrumors 68000
Jul 6, 2012
1,673
2,812
FYI....You have to enable the beta "take video calls from the lock screen" for this to be an issue. Just regular Signal use, even with latest update, won't cause the CallKit support to be enabled.
 
  • Like
Reactions: pdshelley
Comment

DaveTheRave

macrumors 6502a
May 22, 2003
660
240
I'm glad this app keeps getting updated. I really believe everyone should have it even if none of your contacts use it now. I only have one contact on it but I'm keeping it on my phone because they say the Signal encryption is the best - Snowden-approved! WhatsApp uses it. But Signal doesn't backup conversations to the cloud so you could argue its more secure than Whatsapp. Most of us don't require that level of security but nice to know it's there as an option. Download Signal today!
 
Comment

pdshelley

macrumors newbie
Oct 26, 2016
7
2
Smart move to make it optional. I'd like to see that be core to Apple's own settings as well.

"Call Blocking & Identification", the setting referred to here that can be set up through Apple's CallKit API, is always optional and needs to be explicitly turned on by the user as it is off as default. This is because Apple built it that way and not because Signal did something extra.
 
Comment

thisisnotmyname

macrumors 68020
Oct 22, 2014
2,423
5,166
known but velocity indeterminate
"Call Blocking & Identification", the setting referred to here that can be set up through Apple's CallKit API, is always optional and needs to be explicitly turned on by the user as it is off as default. This is because Apple built it that way and not because Signal did something extra.

Yes, and I have that off because I'm a bit of a privacy whack-a-doodle. I'd like control over iCloud extended into other areas though as well such as forbidding Safari history from synching or eliminating iMessage from backups. Ideally I'd like individual encryption keys on iCloud backup altogether (opt-in and warning us that if we lose the key the backup becomes useless as even Apple would not be able to decrypt the data) so I would feel comfortable using the service; currently I only backup locally to media I control and use encryption solely in my possession.
 
  • Like
Reactions: pdshelley
Comment

Rigby

macrumors 603
Aug 5, 2008
5,717
9,624
San Jose, CA
"Call Blocking & Identification", the setting referred to here that can be set up through Apple's CallKit API, is always optional and needs to be explicitly turned on by the user as it is off as default. This is because Apple built it that way and not because Signal did something extra.
This is not the setting referred to here. Signal has a setting that prevents it from registering with Callkit. The "Call Blocking & Identification" you are referring to has nothing to do with and does not prevent uploading of the call history to the cloud.
 
Comment

pdshelley

macrumors newbie
Oct 26, 2016
7
2
Yes, and I have that off because I'm a bit of a privacy whack-a-doodle. I'd like control over iCloud extended into other areas though as well such as forbidding Safari history from synching or eliminating iMessage from backups. Ideally I'd like individual encryption keys on iCloud backup altogether (opt-in and warning us that if we lose the key the backup becomes useless as even Apple would not be able to decrypt the data) so I would feel comfortable using the service; currently I only backup locally to media I control and use encryption solely in my possession.

I agree that better features like this would be nice and I think Apple has been improving iCloud with better security and privacy. Using a cloud sync system like iCloud provides conveniences and with that their are tradeoffs. At the same time it seems like iCloud is probably the most pro-privacy for any major and similar services and Apple has been good about standing up for privacy rights. I personally feel comfortable with iCloud but I would also really like to see iCloud backups be encrypted in a way that only I could gain access to that data.
 
Comment

tangfish

macrumors regular
Sep 12, 2014
226
270
Until Signal App allows users to register and use the app *without* granting it unfettered access to all of the device's contacts, it's not really a privacy minded app. Encrypted messages and calls, yes - but in exchange for your entire address book...
 
Comment
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.