|App||Legal process & additional
*Subpoena: can render basic
USC §2703(d): can render 25 days of iMessage lookups and from a
Register: no capability.
Warrant: can render backups of a target device; if target uses
iCloud backup, the encryption keys should also be provided with content return
can also acquire iMessages from iCloud returns if target has enabled Messages in
and/or victim’s registered information (profile image, display name, email
address, phone number, LINE ID, date of registration, etc.)
*Maximum of seven days worth of
specified users’ text chats (Only when E2EE has not been elected and applied and
only when receiving an effective warrant; however, video, picture, files,
location, phone call audio and other such data will not be
and time a user registered.
*Last date of a
user’s connectivity to the service.
contact information provided for law enforcement to pursue a court order. As per
of phone number and email address, if provided by user.
Token, if push service is used.
*Date (no time) of Threema ID
Date (no time) of last
account (i.e. phone number)) registration data and IP address at time of
*Message history: time, date,
source number, and destination number.
account preservation letters and subpoenas, but cannot provide records for
accounts created in China.
accounts, they can provide basic information (name, phone number, email, IP
address), which is retained for as long as the account is
*Subpoena: can render
basic subscriber records.
order: Subpoena return as well as information like
warrant: Provides address book contacts and WhatsApp
users who have the target in their address book contacts.
*Pen register: Sent
every 15 minutes, provides source and destination for each message.
target is using an iPhone and iCloud backups enabled, iCloud returns may contain
WhatsApp data, to include message content.
and time account created.
*Type of device(s)
app installed on.
*Date of last use.
*Number of messages.
of external IDs (email addresses and phone numbers) connected to the account,
bot not to plaintext external IDs themselves.
records of recent changes to account setting such as adding or suspending a
device (does not include message content or routing and delivery