Apple has confirmed that personal data, including photos, text messages, and contact lists, can be extracted from iPhones through previously unpublicized techniques by company employees.
The same practices to circumvent backup encryption could be used by law enforcement or others with access to the "trusted" computers which the devices have been connected to, according to a security expert who caused Apple to come clean.
Researcher Jonathan Zdziarski showed how the services are able to access a large amount of data for what Apple now calls "diagnostic services" designed to help engineers.
The announcement was made during a presentation last week.
The services can't be disabled and iPhone users are not notified that the services are running, according to Zdziarski.
There is no way for iPhone users to know what computers have previously been granted trusted stats through the backup process or block future connections.
"There's no way to 'unpair' except to wipe your phone," he said in a video demonstration he posted Friday.
Zdziarski showed that he could extract from an unlocked phone through a trusted computer in the demonstration.
Zdziarski's initial presentation at the Hackers on Planet Earth conference opened up a lot of eyes, and many have cited it as evidence of Apple collaboration with the National Security Agency.
The iPhone maker has denied creating any "back doors" for intelligence agencies.
"We have designed iOS so that its diagnostic functions do not compromise user privacy and security, but still provides needed information to enterprise IT departments, developers and Apple for troubleshooting technical issues," Apple said in a statement. "A user must have unlocked their device and agreed to trust another computer before that computer is able to access this limited diagnostic data."
Apple also posted its first descriptions of the tools on its own website, and Zdziarski, along with others who spoke with the company, believe Apple will make some changes to its future programs.
Though Zdziarski said he didn't believe that the services were aimed at spies, he does believe they extracted more information than was needed, with too little disclosure.
"They are collecting more than they should be, and the only way to get it is to compromise security," security industry analyst Rich Mogull said, according to Reuters.
Mogull added that he thinks Zdziarski's work, while technically accurate, was overhyped.
He did agree that since the tool exist, law enforcement will use them in cases where the desktop computers of targeted users can be confiscated, reached through employers, or hacked.
"They'll take advantage of every legal tool that they have and maybe more," Mogull said of government investigators.
See Now: OnePlus 6: How Different Will It Be From OnePlus 5?