[modeless]

I have linked it several times in this thread. Here it is again:

"If you have iCloud Backup turned on, your backup includes a copy of the key protecting your Messages. This ensures you can recover your Messages if you lose access to iCloud Keychain and your trusted devices."

https://support.apple.com/en-us/HT202303

[peteretep]

Sorry, and where exactly outside the endpoints are the messages being decrypted?

[modeless]

Only Apple can know exactly when or where or how often they decrypt people's messages from their backups, because once they have the keys they have the means to do it at any place and time, for any reason, without anyone's knowledge or consent.

What we know is that they can and do decrypt iMessages from iCloud backups in response to law enforcement requests[1]. This proves that they hold the keys, if their own support pages weren't enough evidence for you.

[1] https://www.reuters.com/article/us-apple-fbi-icloud-exclusiv...

[hunter2_]

And even if none of that were the case, couldn't they just push out an update to the app or OS (just to the target, so other researchers debugging or watching traffic wouldn't know) which would cause the device to exfiltrate the cleartext anyway? Or always have had said feature?