Turns out Apple's Messages app isn't as secure as you might think

A significant amount of information is recorded every time Messages is used...

Apple's messaging system, "Messages", allows iOS users to send encrypted SMS messages to their contacts. The company has repeatedly stated that the service is more secure than other offerings - so much so that they could not comply with a wiretap order from a law enforcement body, even if it wanted to. 

It would appear, however, that this is not the case. The Intercept has managed to access a document from the Florida Department of Law Enforcement's Electronic Surveillance Support Team. This document shows how Messages stores metadata about every phone number contacted through the app, and how police can access that information by filing a request. 

How it works:

Every time a number is entered into Messages on an iPhone, the app contacts Apple's serves to establish if the message should be sent as an SMS or via the company's encrypted service (in other words, if it's going to another Messages user).

The company records each of those queries, as well as the date and time. It also takes note of the senders IP address too, which would help identify the location of the sender.  

A law enforcement body can request these logs if they are required as part of an investigation. 

Apple confirmed the accumulation of the metadata to The Intercept. 

"When law enforcement presents us with a valid subpoena or court order, we provide the requested information if it is in our possession. Because iMessage is encrypted end-to-end, we do not have access to the contents of those communications. In some cases, we are able to provide data from server logs that are generated from customers accessing certain apps on their devices. We work closely with law enforcement to help them understand what we can provide and make clear these query logs don’t contain the contents of conversations or prove that any communication actually took place."

It's important to note, however, that Apple only stores this log of information for 30 days.