Going Mobile: Data Discoverable on Mobile Devices

In our last post, we discussed mobile device management policies and the considerations for each policy, including the benefits of mobile device management.

If you ask most legal professionals about discovery of data from mobile devices, the discussion typically turns to text messages. However, there are several other data types unique to mobile devices that are not only discoverable, but often important in litigation and other discovery use cases as well. Not only that, but each device has its own unique types of data that also must be considered.

Types of Data Available Within Mobile Devices

Text messages are the most common type of data that can be discovered from mobile devices, but it’s also important to consider various other unique data types specific to these devices that are routinely responsive in discovery. Those include:

• Photos: In many cases, photographs are used to document damages or place individuals at an incident or accident scene. These photos include important metadata, not only capturing the date and time but also the geographic location where they were taken.
• Videos: Many legal cases today also rely on video footage of incidents or accidents. The widespread availability of mobile devices and the simplicity of recording videos have made them increasingly common as evidence. Mobile device cameras are ubiquitous!
• Voicemail: Recorded voicemail messages are frequently responsive to discovery requests, just as they have been for landline phones for decades.
• Phone Logs: Phone logs are key to understanding communication patterns, which can help identify additional custodians or third parties who may have relevant information.
• Notes and Voice Memos: Many people use apps for voice memos or notes to record audio or written notes on their mobile devices, which don’t exist elsewhere.
• Files: Files which may no longer be available anywhere else within the data collection may have been downloaded to the mobile device and those files could be relevant.

Other data types that may be responsive include browser history, contact lists, geolocation data, and installed apps, which could reveal additional sources of electronically stored information (ESI). Mobile devices can take you “down the rabbit hole” of continuing to discover other potentially responsive sources of data, which is why they have become vital sources of discoverable ESI.

Device Specific Types of Data

In addition to standard types of data that exist on most mobile devices, certain types of devices, such as iPhones and Android devices, have data types unique to them. Here are some examples:

iPhones

If you’ve owned an iPhone, you have probably noticed that the color of the messages are blue for some senders and green for other senders. That’s because iPhones are designed to do more with iMessages, which is a multi-media messaging service exclusive to Apple devices that provides more capabilities than standard SMS (Short Message Service) and MMS (Multimedia Messaging Service) messages. iMessages enable tracking to confirm that a message was delivered, and (if the recipient has enabled it) that the message was read. Both could be important to refute claims that a particular custodian either didn’t receive the message or didn’t read it if they did receive it.

Other examples of data specific to iPhones which could be responsive in discovery include:

• Health Data: The Health app on iPhones collects health and fitness data, such as steps taken, heart rate, sleep patterns, and other health metrics. This data could be important to confirm or refute claims made regarding activity (or lack of it) at a specific time.
• Apple Wallet Data: Apple Wallet stores information about credit and debit cards, boarding passes, tickets, rewards cards, and other items, which could be important to verify travel or other activities.
• Apple Pay Transactions: Data related to Apple Pay transactions, including purchase history and associated details, is unique to iPhones, and could be used to “follow the money” in a variety of civil and criminal cases.
• Siri Data: Interactions with Siri, Apple’s voice assistant, are unique to iPhones. This includes voice recordings and data used to personalize the Siri experience. As is the case with searches using a web search engine like Google, these interactions could illustrate consideration or planning of illegal activity.
• App Store Purchase History: The history of app purchases and downloads from the App Store is unique to iPhones and other Apple devices and could be used to confirm that a custodian once used an app (such as a messaging app) that they don’t want to disclose.

Android Devices

Just as iPhone have iMessages, Android devices have their own enhanced message feature called Rich Communication Services (RCS). RCS is a protocol that enhances traditional SMS with features like those found in iMessages, including delivery and read receipts.

Android devices also have their own apps that create comparable data types to the iPhone data types listed above, including Google Fit (for Health and fitness data including activities and workouts), Google Wallet (for payment methods and transaction history) and Google Assistant (which is the Android counterpart to Siri as a voice assistant which includes interactions between the custodian and the device). Of course, how the apps are used and how the data is stored is different from iPhones, so the approach for collecting this information must address those differences.

Additionally, Android devices may contain data related to customizations such as launcher settings, widget configurations, and icon packs, which are often more flexible and varied on Android compared to iOS. There could even be data related to the use of custom ROMs (alternative operating systems), which is a feature unique to Android devices that allows deep customization and modification of the OS. This data could potentially identify how the device was used or steps that were taken to hide activity.

Conclusion

Text messages may be the most common data type that legal professionals seek in discovery of mobile devices, but it’s not the only data type that may be responsive in discovery. It’s important to consider and explore other potential data types – in terms of requesting that data from opposing parties and/or preserving those types of data as potentially responsive to meet your preservation obligation and avoid spoliation sanctions.

If you missed the first blog in our series, you can catch up here to explore how discovery of data from mobile devices has become more important, while also one of the most challenging forms of ESI to preserve and collect. Next time, we’ll discuss metadata associated with mobile device ESI and how it can be used to authenticate or refute evidence.

For more regarding Cimplifi forensics & collections capabilities, click here.