A document obtained by The Intercept indicates that iMessage data on your iPhone can be tracked and used by law enforcement when a court order is issued. According to the report, iMessage information is stored as metadata every time a user adds or accesses a phone number, which will be considered a query.
The metadata is meant to determine whether or not messages will be sent using SMS or the iMessage app. A query is logged even if the user doesn't send an iMessage at all.
While the data doesn't store the contents of an iMessage, it logs the date and time a number was accessed, as well as the sender's IP address. This is a stark contradiction to Apple's privacy claim that they do not store a user's physical address since an IP address can be used to track a person's exact location.
The document was obtained from Florida Police's Electronic Surveillance Support Team. Made for "official use only", the document bears the title "iMessage FAQ for Law Enforcement". Here, a detailed answer is given to the question: "What will I get if I serve Apple with a [pen register/tap and trace] court order for an iMessage account?"
A table is then shown indicating different columns for each information that will be known from the metadata logs: the date and time of the query, the sender and receiver's phone numbers, the Client IP and the number of "lookup devices".
Apple has released a statement in response to the said document:
"When law enforcement presents us with a valid subpoena or court order, we provide the requested information if it is in our possession. Because iMessage is encrypted end-to-end, we do not have access to the contents of those communications. In some cases, we are able to provide data from server logs that are generated from customers accessing certain apps on their devices. We work closely with law enforcement to help them understand what we can provide and make clear these query logs don't contain the contents of conversations or prove that any communication actually took place."
Whether or not the contents of the iMessage are kept private, there is still sensitive information that will get exposed and incriminate a person for something as simple as swapping numbers with someone.
