Apple reportedly stores iMessage metadata, including contacts and IP addresses, which it could be compelled to pass on to law enforcement.
The Intercept has obtained documents showing that iMessage conversation metadata is logged on Apple's servers. The information includes the time and date on which messages are sent, frequency of contact and IP address, which could be used to ascertain limited location information.
This contradicts a statement released by Apple in 2013 in relation to the NSA's PRISM surveillance programme, in which the company affirmed its commitment to "customer privacy" and insisted that it does not store information related to a users' location.
"Conversations which take place over iMessage and FaceTime are protected by end-to-end encryption, so no-one but the sender and receiver can see or read them. Apple cannot decrypt that data," a spokesperson said at the time.
"Similarly, we do not store data related to customers’ location, Map searches or Siri requests in any identifiable form."
The newly obtained documents, which originate from a state police agency that facilitates data collection using controversial tools, also revealed that Apple maintains a log of phone numbers entered into Messages and potentially elsewhere on an Apple device, like the Contacts app.
The collection of this metadata is down to the way Apple logs users and non-users of its Messages system. Text from contacts who chat via iMessage comes in as a blue bubble, while SMS is used for non-Apple devices and shows up as a green bubble.
To figure out how to route a message, Apple automatically checks numbers entered into an iOS device, whether that be in the Messages app or saved to a contact, with its servers to see whether it has been associated with an iTunes account.
Apple has responded to the report, confirming that there are times when it can hand over server logs but that the content of conversations is inaccessible.
"When law enforcement presents us with a valid subpoena or court order, we provide the requested information if it is in our possession. Because iMessage is encrypted end-to-end, we do not have access to the contents of those communications," Apple said in a statement.
"In some cases, we are able to provide data from server logs that are generated from customers accessing certain apps on their devices.
"We work closely with law enforcement to help them understand what we can provide and make clear that these query logs don't contain the contents of conversations or prove that any communication actually took place."
EE, O2, Vodafone, Three and Airspan open the bidding
Worried about data privacy? Here are several ways to secure your Facebook account
The ICO is seeking an urgent warrant to investigate a major data breach - everything you need to know as the story continues to unfold