What Personal Data Stays on a Phone?

Photographs taken by an smartphone reside solely on the phone until they are shared or backed up. Many iPhone users have their pictures saved automatically to iCloud, and both Android and iPhone users can have photos automatically backed up to other services such as Google Photos. (When personal photos were stolen from Jennifer Lawrence and other celebrities in 2014, the criminals did it by accessing their iCloud accounts.)

A user can also manually save photos to a cloud service or computer, or share them through Facebook, email, or another forum.

The phone used by Syed Rizwan Farook, the San Bernardino killer, hadn’t been backed up for more than a month, so it’s possible that the phone retains pictures no one else has seen. For the rest of us, avoiding backups means that photos remain private—but vulnerable to loss if the phone is stolen or the data accidentally erased.

We’ll get to Apple’s iMessages in a moment. But ordinary text messages transmitted from one phone to another have to pass through cell providers’ computer systems. Carriers retain metadata, or information on when text messages were sent, and to whom. That data is used for billing. However, most carriers only store the body of texts for as long as it takes to transmit them—once the message hits its target, the data is deleted. Verizon is an exception, though it doesn’t hang onto the data for long. “Text message content is generally retained for a week or less,” Richard Young, a spokesman for the carrier's legislative, regulatory and policy office, says. (The company wouldn’t say why it retains the data.)

Apple’s own messaging app, iMessage, works differently from conventional texting services.

“Carriers have no metadata on iMessages,” says Dan Guido, a security researcher and Hacker in Residence at the Polytechnic Institute of New York University. “It all gets sent to and from Apple.”

All the cell network knows is that it’s transmitting an encrypted message to Apple’s servers—and if the files are sent through Wi-Fi, they bypass the cellular carriers.

Any messages that have been backed up can be recovered—and Apple shares such information with law enforcement when provided with the right legal documentation. (Yes, Apple can decrypt iMessages stored on iCloud.) That only applies to iMessages that have been backed up by the user, either manually or through automatic backups. The company doesn’t retain the messages as they are routed from one device to another.

When it comes to location data, cellphones are natural born snitches. Law enforcement has long been able to ask carriers to find a customer in real time. If there’s an ongoing kidnapping investigation, for instance, a cellular provider can often use multiple towers to triangulate a phone’s position; this method can also be used to locate phones when they make 911 calls.

Additionally, cellular companies can peer into their records to see where phones were located when making ordinary calls a year or more in the past. However, those records are highly imprecise—phone calls aren’t always routed through the nearest tower, and towers can have a range of dozens of miles. If you remember how to calculate the area of a circle, you’ll see why records may only indicate where a phone was within several square miles, or even hundreds of square miles, when it made a call.

Smartphones also have GPS chips, and mobile app developers may be able trace everywhere a phone’s been. Google Maps, for example has an optional feature called Timeline that stores detailed location data for years, if it’s turned on in a phone’s settings. Precise doesn't begin to describe this data—you can look years into the past to see where you walked or drove on a particular day. Law enforcement can request these detailed Timeline histories from Google with a warrant.

Some geographic data is only stored locally, on the handset. The iPhone has a feature called Frequent Locations, which generates a list of specific spots you've visited, as well when and how often.

“We don't do tracking of our users’ devices, so we don't have location logs in the way that, say, a cellular company would with their cell tower pings,” says a senior Apple engineer, speaking on condition that he not be named. Frequent Locations, he confirms, “is done locally on the device, as opposed to by Apple collecting everyone's location.”

Apple says the feature is intended to offer services such as predictive traffic routing. The phone can learn your commuting schedule, and offer up what Apple hopes are useful notifications, such as how long your drive home may be, based on current traffic conditions. Android phones have the same capability.

Frequent Locations can be handy, but once you look at the records, the level of detail can be unsettling. If you’ve been to your home 58 times in the past two months, it will tell you that, along with what time you arrived and left each day. (To find this data on an iPhone go to Settings > Privacy > Location Services > System Services > Frequent Locations. Tap on the name of a town in the list of places you’ve been to see the details.)

The feature can be turned off. However, if it was running on Farook’s iPhone, it could contain a record of locations the killer frequented in the days and weeks before the shooting.

Emails are stored in the cloud—if you use Gmail, for instance, the content of your correspondence resides on Google servers. It can be accessed by law enforcement armed with the right warrants. Contact lists are stored online only if they’ve been backed up by the user.

Now, this isn’t a complete list of the data generated by smartphones. There are browser histories, records of items purchased on Amazon, movies watched, and notes or videos created by mobile apps. Much of this data is stored somewhere in the cloud, and if investigators knew about every online service used by a smartphone owner, they could probably request subpoenas and uncover most of it. But no amount of such sleuthing would rule out the possibility that something important remained on the phone, and only on the phone.

That sort of uncertainty can be haunting, says one former prosecutor who spoke to us on the condition of anonymity. “Imagine if there was another terrorist attack, and it came out that there was something on a phone that might have helped stop it,” he says. “You don't always know what you're looking for. You just want all of it.”

That’s why there’s a genuine conflict at the heart of this national debate.

If companies such as Apple can be compelled to write software that undercuts security protections, security experts say, personal and financial data will be gradually become more accessible to hackers based both in the United States and abroad. And if tech companies can’t be compelled to do that, some clues in criminal investigations, even ones involved horrendous crimes, may never be discovered.

However the FBI fares in its new attempt to hack into Farook's iPhone, those tradeoffs will persist.