[masonlee]

Does this dispute imply that Apple backdoors its own iMessage end-to-end encryption on states' request?

[amatecha]

It's entirely possible, I'd speculate. I once called Apple tech support for help with my iPhone. So they could see what was going on right on my phone, they were able to remotely request a "screen sharing" session, which I had to click "Allow" on a dialog on my phone to approve. One can imagine that such an approval dialog is not actually required in a technical sense, and _theoretically_ a screen share could be remotely started without any such dialog/notification.

[robotkdick]

While true they can access a phone based on the user opting in, there's likely a high degree of "security" around how and when this can occur including the necessity of a user opting in.

Tim Cook has taken a very public stance on privacy and the addition of police-unfriendly encryption of data. So, there's much to lose if news were to come out undermining that position.

He probably would not be going so far out on a limb personally if the reality of the privacy/security/encryption were just for PR. His integrity is dependent on that position being true.

Slowing things down for political purposes in entirely another matter, and well within the realm of probability.

[Moter8]

I know this is not really on topic, but forensic companies like Cellebrite can unlock/get the data from almost any iOS Device.

Remember, those were the guys that unlocked the San Bernardino iPhone.

Android full encryptions are harder/impossible for them, a Cellebrite person told me half a year ago.

https://en.wikipedia.org/wiki/FBI%E2%80%93Apple_encryption_d...

https://www.cellebrite.com/en/products/ufed-ultimate/

[saagarjha]

> forensic companies like Cellebrite can unlock/get the data from almost any iOS Device

I don't think this is true. Essentially Cellebrite gets ahold of an unpatched exploit that Apple then quickly fixes; that's far cry from being able to unlock "almost any iOS Device".

[eridius]

> One can imagine that such an approval dialog is not actually required in a technical sense, and _theoretically_ a screen share could be remotely started without any such dialog/notification.

Well I mean, they wrote the OS so they can theoretically have it do whatever they want. But there's an extremely high probability that the way the OS is written, they cannot remotely trigger screen sharing without the user confirming it first.

[dannyw]

The new iMessages in the Cloud claims to be 'end to end encrypted', which is true, but omit the fact that a copy of the key is stored with Apple in your iCloud backup...

https://support.apple.com/en-us/HT202303

"Messages in iCloud also uses end-to-end encryption. If you have iCloud Backup turned on, a copy of the key protecting your Messages is included in your backup"

Given that almost everyone has iCloud backup enabled, messages are certainly retrievable with a simple court order.

[eridius]

Good to be aware of, but¹ Messages in iCloud is off by default².

¹At least for existing users.

²And almost certainly requires opt-in for new users as well.

[saagarjha]

Messages in iCloud is end-to-end encrypted. It's iCloud Backup that has issues.

[ex3ndr]

Backups are encrypted.

[saagarjha]

I believe the argument was that they're encrypted with keys that Apple has access to.

[sigzero]

I don't think it implies anything like that. Apple has way too much to lose given Cooks stance on privacy.

[kondro]

No… from a pure game theory perspective the positives don't outweigh the negatives for doing so.