How do I interpret the RTCReporting_messageLog report?
Could someone please explain the contents of this report? I'm attaching it as a PDF via Mail Drop since it's too long to post here.
Thank you!
[Edited by Moderator]
iPhone 15 Pro Max, iOS 18
As mentioned above, Analytics and telemetry are intended for use by Apple and for app developers.
Apple logs have a very long history of containing ominous and scary-worded and utterly benign messages.
From the manual for the related daemon:
NAME
rtcreportingd — Diagnostics and Usage Reporting
SYNOPSIS
rtcreportingd
DESCRIPTION
rtcreportingd is a system daemon that collects diagnostics and usage
telemetry data locally for users that have opted in for reporting.
There are no configuration options to rtcreportingd, and users should
not run rtcreportingd manually.
If you want to know more about macOS, iOS, or iPadOS internals and operations, start with the three volumes of the OS X and iOS Internals book by Jonathan Levin. Probably then training on digital forensics and rummaging for and identifying malware. This if you want technical details. There are some good write-ups on identifying certain iOS malware available from Citizen Lab and Google Project Zero, among other sources. Not the least of which was the write-up on the details of the NSO JBIG2 exploit tooling, which was beyond clever.
PS: PDF files can be built to contain malware.
"How do I interpret the RTCReporting_messageLog report?: Could someone please explain the contents of this report? I'm attaching it as a PDF via Mail Drop since it's too long to post here."
-------
Provide a Screenshot:
Rather than having it downloaded, providing a screenshot would be more suitable (at least, IMO). Go here: Take a Screenshot on iPhone – Apple Support
IMPORTANT: Blank out any personal information (i.e. names and time) by covering it with red-colored rectangles and such, through use of the Photos app.
So, it looks like a code from Settings > Privacy > Analytics & Improvement > Analytics Data; if so, then no one but Apple can read that. That being said, if what I said is not the case, please feel free to say so! But to directly answer your questions: No, no one but Apple can.
As noted, the analytics files are intended for Apple and developer use. Without special tools and training, they're not useful.
You might get further if you explained why you're trying to interpret this file. What caused you to start looking at it? What are you hoping to learn?
Here is a sample of it. Just curious because it mentions a security level and the device passcode.
(2025-05-02 20:36:05 +0000) [splunk -> flushMessages] {
"events" : [
{
"securityLevel" : 4,
"didSucceed" : true,
"_startTS" : 1746126480,
"processName" : "appleaccountd",
"localSecretType" : "Passcode",
"eventName" : "com.apple.appleid.accountHealthEvent",
"clientId" : "4088DD8C-B89D-4A99-920D-DF1D59614E6D",
"eventCreationTime" : 1746126502937.134,
"_productFamily" : "iPhone",
"_internal" : 0,
"_status" : 0,
"prkPresence" : 1,
"_timezoneOffset" : -14400,
"cdpStatus" : true,
"cliqueStatus" : 0,
"totalViableEscrowRecords" : 1,
"advancedDataProtectionState" : 1,
"_auroraSchemaID" : "com.apple.aurora.apptelemetry.aaa.Dataaccess",
"eventTime" : 1746126480,
"_osName" : "iOS",
"recordViabilityState" : 1,
"_osVersion" : "18.4.1",
"deviceSessionID" : "AA80635F-A5CF-471E-B457-C413DFA9ACEF",
"_method" : 10000,
"_clientTS" : 1746126480,
"_productModel" : "iPhone16,2",
"_eventNumber" : 0,
"duration" : 465.849166,
"country" : "US",
"_serviceName" : "default",
"_build" : "22E252",
"deviceRemovalReason" : -1
}
],
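For readers triaging a file like the sample above, here is an added example (not part of the thread and not Apple tooling): a small Python parser for the entry layout visible in that sample. It assumes each entry is a `(timestamp) [channel -> action] {` header followed by one JSON object, that `_startTS` is Unix epoch seconds and that `eventCreationTime` is epoch milliseconds; those readings are inferred from the posted values, not from Apple documentation.

```python
import json
import re
from datetime import datetime, timezone

# Entry header as it appears in the sample: "(<timestamp>) [<channel> -> <action>] {"
HEADER = re.compile(r"^\((?P<logged>[^)]+)\) \[(?P<channel>\S+) -> (?P<action>\S+)\] \{", re.M)

# Constructed sample: same layout as the post, trimmed to a few fields and closed
# so that it is valid JSON (the posted excerpt stops after the "events" array).
SAMPLE = """(2025-05-02 20:36:05 +0000) [splunk -> flushMessages] {
  "events" : [
    {
      "processName" : "appleaccountd",
      "eventName" : "com.apple.appleid.accountHealthEvent",
      "_startTS" : 1746126480,
      "eventCreationTime" : 1746126502937.134,
      "_timezoneOffset" : -14400
    }
  ]
}
"""

def utc(seconds):
    return datetime.fromtimestamp(seconds, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S")

def parse_message_log(text):
    """Return one summary dict per event in each log entry; skip unparsable entries."""
    decoder, rows = json.JSONDecoder(), []
    for m in HEADER.finditer(text):
        try:
            # raw_decode reads exactly one JSON object starting at the header's "{"
            body, _ = decoder.raw_decode(text, m.end() - 1)
        except json.JSONDecodeError:
            continue  # truncated or garbled entry
        for ev in body.get("events", []):
            rows.append({
                "logged": m["logged"],
                "channel": m["channel"],
                "process": ev.get("processName"),
                "event": ev.get("eventName"),
                # Assumption: _startTS is epoch seconds, eventCreationTime is epoch ms.
                "start_utc": utc(ev["_startTS"]) if "_startTS" in ev else None,
                "created_utc": utc(ev["eventCreationTime"] / 1000) if "eventCreationTime" in ev else None,
            })
    return rows

if __name__ == "__main__":
    for row in parse_message_log(SAMPLE):
        print(row)
```

Before sharing such a log, redact per-device identifiers such as `clientId` and `deviceSessionID`.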