Does the title sound like a flame-post in the making? Well, it shouldn’t, because I am a happy Mac user for some years now and until yesterday I was a confident iPhone user (except for the fact that I still can’t shoot video with the damn thing, but that’s another story). Until yesterday you say? Yes, and I’ll tell you why.
On the 17th of June I – like many others – downloaded the new 3.0 firmware for the iPhone 3G. The validation took a while, thus my conclusion that it was pretty crowded at Apples servers. The update overall went smoothly and the new features were very welcome.
Last Sunday I hooked up my iPhone to my MacBook and I started iTunes to make a well needed sync (I had a new F/W version after all). As always I got the text-box asking me if I wanted to sent off my statistics- and crash data to Apple. I never ticked the ‘don’t ask again’ box, so I still get this message every time I hook up my iPhone. I like that, because I’m always curious for what to find in it’s logs; I often look around there. This time was no exception and to my surprise I found a new set of log files, all named like this:
log-bb-2009-06-20-15-40-04-csi.txt
Great I thought, let’s see what’s inside of them. At first I saw some normal logging of the signal strength and drawed reception bars, nothing special:
236830.449 reg: Reported signal strength is -101, smoothed -97
236830.449 reg: telling UI to draw 5 bars, -97 signal
236830.449 evt: Sending event kSignalStrengthNotification (15)
236833.450 reg: telling UI to draw 5 bars, -98 signal
236833.451 evt: Sending event kSignalStrengthNotification (15)
A bit further in the file I saw something else I just could not believe. I checked it, and I checked it again:
238596.436 evt: Sending event kCallStateChangeNotification (1)
238596.437 recv[call]: RING
238596.437 recv[call]: +CLIP: "073XXXXXXX",129,,,,0
238596.437 clm: GS01 Submitted
238596.437 clm: Current caller id info is 073XXXXXXX
238596.437 evt: Sending event kIncomingCallerIdNotification (9)
238596.438 recv[reg]: RING
238596.438 recv[reg]: +XDRV: 5,9,0,0,3115,3137
238596.438 recv[reg]: OK
238596.438 recv[sms]: RING
238596.439 recv[low]: RING
238596.439 recv[pdp_ctl]: RING
238596.439 reg: starting temperature notifcation watchdog timer for period 20
238596.439 recv[pdp_0]: RING
238596.440 recv[pdp_1]: RING
238596.440 recv[pdp_2]: RING
238596.440 recv[pdp_3]: RING
That 073XXXXXXX number was a number I had recently received a call from (obfuscated for obvious reasons). Did my iPhone suddenly log all my incoming caller id’s? Confused as I was I looked a bit further and I found this:
240596.786 reg: Reported signal strength is -103, smoothed -102
240597.787 reg: telling UI to draw 4 bars, -101 signal
240597.787 evt: Sending event kSignalStrengthNotification (15)
240599.347 recv[reg]: +XCIEV: 7,
240599.348 reg: Reported signal strength is -99, smoothed -101
240600.044 clm: dial "073XXXXXXX" ()
240600.044 clm: Clearing DTMF queue
240600.046 evt: Sending internal notification kEventCallActive (0) params={0, 0, 0x0}
240600.046 evt: Sending internal notification kEventDataMode (36) params={3, 3, 0x0}
240600.046 evt: Sending event kDataModeNotification (113)
240600.047 clm: Submitting GS02: state = 2 (mapping 3)
240600.060 clm: REDIAL: Checking status 4 2 0 0 1
A number I recently called. So outgoing numbers are logged as well!
I canceled the transfer to Apple and copied all the log files for further analysis and that’s where I am now.
Why does Apple do this? I can understand why these log lines are there; they are key during development of the software, but what is their function now? I mean, if this is really what I think it is, namely that I almost send a plain text file to Apple containing my incoming calls, outgoing calls, timestamps, my iPhone ID, combined with my iTunes account this adds with my address, phone number and credit card number, than there are only two sensible options left:
1. Apple has become the Google squared when it comes to privacy infringement and someone at Apple shares a board function with the NSA, or
2. Apple is so naïve that they actually think that we trust them beyond any doubt
Well, call me paranoia, but I find this a strange development to say the least. Furthermore, I see these logs because I haven’t checked that ‘don’t ask again’ check box one normally gets (plus I have a boring day every now and then). I guess a lot of people only saw this box once and are now unknowingly sending off their caller id’s to Apple. That’s bad!
I’m interested to hear your comments, so please, post them below. Has anyone seen this log file in the 2.x F/W? Has anyone spotted these log-lines before? Can anyone confirm if these log files are sent to Apple over HTTP (thus without encryption, adding to the cause)? And who can tell me how long Apple can keep these files before they are obliged to destroy them?
And if Apple reads this: please remove these logs! Let me sent you the crash-/statistics data you want, but please respect my privacy!
Rick.
UPDATE 24-06-2009:
I found out that these log lines were already there in the 2.x F/W (link). So that would mean that I’ve already send off almost a year of calling data back to Apple, yikes! It becomes even more interesting to learn how long Apple may use these send files and what they are doing with them (especially with the caller id’s).
), as they test a preview/alpha version of IE9 only against stable browsers of other vendors. They should have tested against Firefox 3.7, Chrome 5 etc. for a realistic table. Also 
(but I also thought that of IE7 and IE8, which both turned out to be ugly dragons after all).
.