Is call audio logging baked into your iOS device?

Are Apple and the NSA logging your phone calls?

How much do we actually know about our mobile devices? The information they collect, store and transmit is largely unknown to the majority of users and closed sources and systems make it difficult to maintain transparency in a progressively security conscious time.

We all make mistakes with security, your author revealed some of these a few years ago where Facebook, Dropbox, 1Password and a smorgasbord of other apps were found to be storing critical data in plain text.

A few years on and again I was digging around in code and spotted something which concerns me.

It may be nothing, but I think it’s in our collective interests to have the following clarified.

The following header file displays the function names contained within the iOS 8.1 Springboard App’s TelephonyManager interface

 

#import SpringBoard-Structs.h
#import <XXUnknownSuperclass.h> // Unknown library
#import RadiosPreferencesDelegate.h
@class SBAlertItem, RadiosPreferences, TUCall, NSObject, NSTimer, NSString;
@protocol OS_dispatch_queue;
__attribute__((visibility(hidden)))
@interface SBTelephonyManager : XXUnknownSuperclass <RadiosPreferencesDelegate> {
CTServerConnectionRef _serverConnection;
BOOL _containsCellularRadio;
BOOL _hasCellularTelephony;
BOOL _hasCellularData;
BOOL _hasAnyTelephony;
NSString* _cachedCTRegistrationCellStatus;
NSString* _cachedCTRegistrationDisplayStatus;
int _cachedCTRegistrationIsForcedHome;
int _cellRegistrationStatus;
int _registrationStatus;
NSTimer* _fakeServiceTimer;
  NSTimer* _fakeCellServiceTimer;
BOOL _signalStrengthHasBeenSet;
long _signalStrength;
long _signalStrengthBars;
NSString* _operatorName;
NSString* _lastKnownNetworkCountryCode;
unsigned _usingWifi : 1;
int _vpnConnectionStatus;
unsigned _iTunesNeedsToRecheckActivation : 1;
unsigned _pretendingToSearch : 1;
unsigned _callForwardingIndicator : 2;
NSObject<OS_dispatch_queue>* _wirelessModemDynamicStoreQueue;
SCDynamicStoreRef _queue_wirelessModemDynamicStore;
CFStringRef _queue_wirelessModemDynamicStoreSharingKey;
BOOL _isNetworkTethering;
int _numberOfNetworkTetheredDevices;
unsigned _hasShownWaitingAlert : 1;
SBAlertItem* _activationAlertItem;
int _numActivationFailures;
int _inEmergencyCallbackMode;
unsigned _loggingCallAudio : 1;
NSString* _inCallStatusPreamble;
NSString* _inCallDurationString;
NSTimer* _inCallTimer;
NSTimer* _inCallStyleDelayTimer;
RadiosPreferences* _radioPrefs;
int _needsUserIdentificationModule;
NSString* _simStatus;
int _suppressesCellDataIndicator;
int _suppressesCellIndicators;
int _lteConnectionShows4G;
int _modemDataConnectionType;
BOOL _modemDataConnectionTypeIsKnown;
BOOL _fallingBackToCellular;
tcp_connection_fallback_watch_s* _cellularFallbackWatcher;
void* _queue_fastDormancySuspendAssertion;
TUCall* _incomingCall;
TUCall* _activeCall;
TUCall* _heldCall;
TUCall* _outgoingCall;
}
@property(retain, nonatomic) TUCall* outgoingCall;
@property(retain, nonatomic) TUCall* heldCall;
@property(retain, nonatomic) TUCall* activeCall;
@property(retain, nonatomic) TUCall* incomingCall;
+(id)sharedTelephonyManagerCreatingIfNecessary:(BOOL)necessary;
+(id)sharedTelephonyManager;
-(void)_setIsNetworkTethering:(BOOL)tethering withNumberOfDevices:(int)devices;
-(int)numberOfNetworkTetheredDevices;
-(BOOL)isNetworkTethering;
-(void)_queue_noteWirelessModemDynamicStoreChanged;
-(void)noteSIMUnlockAttempt;
-(int)registrationCauseCode;
-(BOOL)needsUserIdentificationModule;
-(id)SIMStatus;
-(void)_setSIMStatus:(id)status;
-(int)registrationStatus;
-(int)cellRegistrationStatus;
-(id)operatorName;
-(void)_operatorBundleChanged;
-(void)setOperatorName:(id)name;
-(void)_reallySetOperatorName:(id)name;
-(void)_fetchOperatorNameWithCompletion:(id)completion;
-(long)signalStrengthBars;
-(long)signalStrength;
-(void)_setSignalStrength:(long)strength andBars:(long)bars;
-(void)_carrierBundleChanged;
-(void)_prepareToAnswerCall;
-(BOOL)_pretendingToSearch;
-(void)_stopFakeCellService;
-(void)_cancelFakeCellServiceTimer;
-(void)_stopFakeService;
  -(void)_startFakeServiceIfNecessary;
  -(void)_cancelFakeServiceTimer;
-(void)_updateRegistrationNow;
-(void)_setRegistrationStatus:(int)status;
-(void)_setCellRegistrationStatus:(int)status;
-(void)_setCachedCTRegistrationCellStatus:(CFStringRef)status displayStatus:(CFStringRef)status2 forcedHome:(BOOL)home;
-(CFStringRef)_cachedCTRegistrationDisplayStatus;
-(CFStringRef)_cachedCTRegistrationCellStatus;
-(void)postponementStatusChanged;
-(void)_proximityChanged:(id)changed;
-(void)_headphoneChanged:(id)changed;
-(void)_resetCTMMode;
-(id)ttyTitle;
-(BOOL)shouldPromptForTTY;
-(void)configureForTTY:(BOOL)tty;
-(void)exitEmergencyCallbackMode;
-(void)_setIsInEmergencyCallbackMode:(unsigned char)emergencyCallbackMode;
-(BOOL)isInEmergencyCallbackMode;
-(BOOL)isEmergencyCallActive;
-(void)_provisioningUpdateWithStatus:(int)status;
-(void)_setCurrentActivationAlertItem:(id)item;
-(id)copyTelephonyCapabilities;
-(id)copyMobileEquipmentInfo;
-(BOOL)isUsingVPNConnection;
-(void)_setVPNConnectionStatus:(int)status;
-(void)_setIsUsingWiFiConnection:(BOOL)connection;
-(BOOL)_isTTYEnabled;
-(BOOL)isUsingSlowDataConnection;
-(BOOL)registeredWithoutCellular;
-(BOOL)isInAirplaneMode;
-(void)setIsInAirplaneMode:(BOOL)airplaneMode;
-(BOOL)cellDataIsOn;
-(BOOL)cellularRadioCapabilityIsActive;
-(void)_setSuppressesCellIndicators:(int)indicators;
-(void)_postDataConnectionTypeChanged;
-(int)dataConnectionType;
-(void)_updateDataConnectionType;
-(int)_updateModemDataConnectionTypeWithCTInfo:(id)ctinfo;
-(BOOL)_suppressesCellDataIndicator;
-(BOOL)_lteConnectionShows4G;
-(void)_resetModemConnectionType;
-(void)setNetworkRegistrationEnabled:(BOOL)enabled;
-(BOOL)isNetworkRegistrationEnabled;
-(BOOL)MALoggingEnabled;
-(void)dumpBasebandState:(id)state;
-(void)_setIsLoggingCallAudio:(BOOL)audio;
  -(BOOL)isLoggingCallAudio;
-(void)disconnectCallAndActivateHeld;
-(void)disconnectCall;
-(void)disconnectAllCalls;
-(void)swapCalls;
-(void)disconnectIncomingCall;
-(BOOL)inCall;
-(unsigned)faceTimeAudioCallCount;
-(unsigned)telephonyCallCount;
-(unsigned)_callCountForService:(int)service;
-(BOOL)shouldHangUpOnLock;
-(BOOL)callWouldUseReceiver:(BOOL)receiver;
-(BOOL)inCallUsingSpeakerOrReceiver;
-(id)_fastPickedRouteForCall;
-(BOOL)multipleCallsExist;
-(BOOL)outgoingCallExists;
-(BOOL)incomingCallExists;
-(BOOL)heldCallExists;
-(BOOL)activeCallExists;
-(id)displayedCall;
-(void)telephonyAudioChangeHandler;
-(int)callCount;
-(void)callEventHandler:(id)handler;
-(void)handleCallAudioFinished:(id)finished;
-(void)handleCallControlFailure:(id)failure;
-(void)updateDisplaySettings:(id)settings forOutgoingCallURL:(id)outgoingCallURL outURL:(id*)url;
-(BOOL)isEmergencyCallScheme:(id)scheme;
-(id)lastKnownNetworkCountryCode;
-(void)_updateLastKnownNetworkCountryCode;
-(void)_updateNetworkLocale;
-(BOOL)updateLocale;
-(void)_updateState;
-(void)updateCalls;
-(void)airplaneModeChanged;
-(void)updateAirplaneMode;
-(void)setFastDormancySuspended:(BOOL)suspended;
-(void)queue_setFastDormancySuspended:(BOOL)suspended withConnection:(CTServerConnectionRef)connection;
-(void)setLimitTransmitPowerPerBandEnabled:(BOOL)enabled;
-(id)inCallDurationString;
-(void)updateStatusBarCallDuration;
-(id)preambleStringForKey:(id)key;
-(void)_updateStatusBarCallStateForCall:(id)call;
-(void)_noteInCallStyleDelayExpired;
-(void)_noteInCallAlertDidActivate;
-(id)_phoneApp;
-(void)updateSpringBoard;
-(int)callForwardingIndicator;
-(void)updateCallForwardingIndicator;
-(void)setCallForwardingIndicator:(int)indicator;
-(double)inCallDuration;
-(void)updateTTYIndicator;
-(BOOL)emergencyCallSupported;
-(BOOL)hasAnyTelephony;
-(BOOL)hasCellularData;
-(BOOL)hasCellularTelephony;
-(BOOL)containsCellularRadio;
-(void)SBTelephonyDaemonRestartHandler;
-(void)_serverConnectionDidError:(SBIconCoordinate)_serverConnection;
-(void)_avSystemControllerDidError:(id)_avSystemController;
-(CTServerConnectionRef)_serverConnection;
-(void)_performQueryInBackground:(id)background withMainQueueResultHandler:(id)mainQueueResultHandler;
-(void)_postStartupNotification;
-(id)init;
@end

 

As you can see I’ve highlighted a few items which have captured my attention.

(void)_setIsLoggingCallAudio:(BOOL)audio;

Note, not “isLoggingCall”, which I would assume is just your recent calls list but “isLoggingCallAudio“.

Again this could be just a terribly misleading function name but what if it isn’t? Personally I’d like to know.

Anyone who does have any info on this please comment!

-(void)_startFakeServiceIfNecessary;

Really Apple? I realise I’m probably just looking at some “make things look pretty even though there’s no signal” functionality here but that’s pretty bad form too.

Can we clarify this? At the moment all I see is either faking service bars where we have none or running a BTS. The former being much more likely!

 

Thoughts, clarifications or explanations? Leave them in the comments.

 

Leave a Reply