This is not true. Don't spread FUD. Apple does not have the ability to read your messages. All messages stored on their servers are encrypted with keys that live only on the phone.
iMessage doesn't store your decryption keys on Apple's servers unless you opt into iCloud backup which is a whole different service and security concern.
Most people use iCloud backup. Even if you don't, your messages are still sent to Apple by the recipient. And Apple prohibits third party backup services.
> Apple does not have the ability to read your messages.
iCloud backup is an Apple service and it has the ability to read most of your messages even if you don't use it, which makes this statement categorically false.
This is completely ridiculous. iMessage is encrypted by my device and remains encrypted until it gets to the recipient device. That is what end-to-end encryption means.
That I may have given Apple my private key through a different message in no way affects that end-to-end encryption, because it is trivial to decide not to give Apple that key.
iCloud isn't some separate entity from iMessage. It's all Apple. And you have no option to use a different cloud backup provider.
You can decide not to give your keys to Apple, but you can't decide for all your friends to not give their keys to Apple, and the result is the same: Apple can read your messages.
And the marketing is so misleading that hardly anyone knows that Apple can read most iMessages.
Sorry, let's be explicit here, as you seem intent on muddying the issue. Where, other than the endpoints, is the message decrypted when people use iMessage? Your succinct answer to that will clear this up for everyone.
On GCBD's servers in China. Possibly on Apple's servers in the US if they are running a wiretap. Due to the way key distribution works for iMessage, it is trivial for Apple and GCBD to do so.
I have linked it several times in this thread. Here it is again:
"If you have iCloud Backup turned on, your backup includes a copy of the key protecting your Messages. This ensures you can recover your Messages if you lose access to iCloud Keychain and your trusted devices."
"If you have iCloud Backup turned on, your backup includes a copy of the key protecting your Messages. This ensures you can recover your Messages if you lose access to iCloud Keychain and your trusted devices."
This is both true and false. Apple stores keys on the device so they can't read your old messages, but say they want to start reading messages of a particular user, they can simply issue a new key and store it on the device and the server and start decrypting the new messages using it.
This is why WhatsApp for example notifies users when the key of the recipient changes, and they give you a way of verifying that the both keys at both ends are identical.
Tuxer said "keys," not "your decryption keys." Apple distributes the public keys that each party encrypts their message with, and they route the encrypted messages through their servers. They can trivially eavesdrop on conversations by simply providing a key from a key pair they generate to a participant and reencrypting messages using the other parties' public keys after deciphering the messages.
Yes, it does. The messages are 'end to end' encrypted in the iMessage service, but then iMessage backs up its encryption key in the iCloud backup service, defeating the point.
"If you have iCloud Backup turned on, your backup includes a copy of the key protecting your Messages. This ensures you can recover your Messages if you lose access to iCloud Keychain and your trusted devices."
That is true of any end-to-end solution. If you back up your private keys, anyone who has access to your backup would be able to access the encrypted messages. Remember, you can turn off iCloud backup if you're worried about Apple accessing your keys.
Ultimately, it's false to equate iMessage's encryption scheme, which is end-to-end, to an encryption scheme that requires a server to relay decrypted data.
Utterly false. Real end-to-end encryption would encrypt the backup with a key that is not available to the backup service (e.g. derived from a passphrase not sent to the server).
Of course this system has better usability, which is why Apple does it. But it's still a farce to call a system where Apple has the ability to decrypt the majority of messages "end-to-end" encrypted. The fact that it's through the backup servers instead of the iMessage servers makes no difference.
What's more, it's possible to do better without sacrificing usability. For several years Android has been end-to-end encrypting backups using the user's lock screen passcode, with protection against brute force attacks provided by hardware secure elements. https://security.googleblog.com/2018/10/google-and-android-h...
> The fact that it's through the backup servers instead of the iMessage servers makes no difference.
It makes a big difference. If I print out the texts I receive, it doesn't change whether the texting program is end-to-end encrypted. The same goes for backups. An unencrypted system-level backup doesn't mean that the program being backed up is failing at security.
It's bad that Apple doesn't let you encrypt your backups properly, but it's a separate issue.
What if the texting program has a built in feature to print the texts you receive and mail a copy to the company that wrote the program, and it nags you to enable this feature all the time, and most of your friends have it enabled? Because that's a lot closer to the scenario here.
> An unencrypted system-level backup doesn't mean that the program being backed up is failing at security.
iOS programs can choose how their data is backed up. iMessage isn't just getting its data stolen by iCloud accidentally. These backups are a feature of iMessage as much as iCloud. And besides, iCloud is made by the same company, it's not a separate entity.
Turning off iCloud backup is not a genuine choice, because it means you lose everything if you lose or break your phone (there is no other way to back up your phone except iCloud backup, Apple does not allow third-party phone backup services).
There’s a good HN thread from earlier this year about that, but basically, you can disable iCloud Backup and enable Messages in the Cloud, so that all of the messages are still backed up and synced between your devices but the keys are not, so that Apple can not read them. Then you can back up to your Mac/PC instead.
But most end-to-end encrypted apps aren't configured by most of their users to send their messages and encryption keys directly to the author of the app. iMessage is.
Feel free to trust who you want but I don't think Apple should be able to get away with calling iMessage end-to-end encrypted when they have most iMessages stored on their servers and the keys to decrypt them.
> At some point you have to trust somebody, right?
It's possible to use an actual end to end encrypted app that doesn't have the keys to read your messages stored on their servers.
I think this article is a bit over my head, but if Apple never has possession of users' private keys, how are they able to recover iMessage conversations when a phone is lost/stolen (which I know they can do)?
iMessage doesn't store your decryption keys on Apple's servers unless you opt into iCloud backup which is a whole different service and security concern.