by gjsman-1000 847 days ago
I don't anticipate this changing either - because, let's face it, losing all of your Photos and Messages is, to most people, a bigger deal than perfect security.

I'm experienced with Apple products - but there was one time that I actually got stuck in an E2EE loop and was forced to reset all E2EE data on iCloud. I don't know what I did wrong - but if someone in tech, like myself, can get stuck in an E2EE lockout, I can't imagine other people.*

*This was not Advanced Data Protection. This was stuff that was E2EE for all accounts - like passwords and health information. As such there's no recovery contact.

2 comments

iMessage’s practical lack of e2ee isn’t a matter of “perfect security”. It’s simply not e2ee because the keys are escrowed to the middle service. It’s not even a little bit secure. The encryption has been fully backdoored by sharing the endpoint keys off of the device.

Apple turns over customer data on over 70,000 customers per year without a warrant under FISA/702 (PRISM) and NSLs. The number gets bigger every year. This isn’t a theoretical threat. The number is even bigger if you include all the search warrants, too.

EDIT: Even if you enable their optional e2ee for backups (which nobody does), iMessage the platform is still vulnerable because the conversations you have with others are insecure because the other end of the conversation is escrowing their keys to Apple via non-e2ee backups. If you enable ADP, iMessage only becomes secure for the case where you are only iMessaging yourself.

It’s simply not private or secure. You can’t be “slightly encrypted” or “mostly private”.

Unless you enable Advanced Data Protection, which escrows the keys solely on your device. This is hardly a secret or a scandal.
As far as I know, iMessage keys are not escrowed to any middle service. What are you basing that belief on?
Apple’s own HT202303. It is quite clear on the matter, even going so far as to point out that the keys are rotated when you turn off iCloud Backup.

Read the parts about Messages in iCloud, the service used to sync messages between devices. Those keys are included in the non-e2ee iCloud Backup. Both are enabled by default.

HT202303 refers to storing the keys for the Messages in iCloud feature.
I thought the fix was trivial - all I need to do is go to settings > my face >> icloud >>> show all >>>> messages and make sure the toggle is off?

Doesn't that stop iCloud syncing, at least on my end? I understand I can't control what happens on the other end of the conversation but that is all I need to do on my end, right?

You either have to enable E2EE or disable both Messages in iCloud and device backups. Otherwise the device backups contain a copy of your messages.
The "Messages in iCloud" sync is end to end, so you can enable it and disable iCloud backup, or manually back up on your computer: https://support.apple.com/en-us/102651
Yeah, it is end to end encrypted, but the keys are part of your device's iCloud backup. So unless you turn on end to end encryption for that backup or disable it, Apple can access the keys required to decrypt the iMessage in iCloud messages.
I believe the reason iMessages aren't protected with iCloud Backup is because they're stored decrypted in the SQLite database iMessage uses, chat.db.
Correct. I was referring to the OP asking if Apple would ever fix E2EE not protecting, by default, Photos and Messages and so forth.
E2EE refers to transporting protocols and not data at rest, so the phrasing here is wrong.

If you choose to have some of your data in iCloud, it is transported and stored encrypted. However, one of the keys is escrowed in an HSM cluster for an audited recovery process.

This is how you go request that access be restored via technical support with Apple. This is also how surviving family members can get access to photos and the like (requiring a court order, at least in the US). Since they have the key, government entities can request access within the extent of their respective local laws.

If you turn on the Advanced Data Protection feature, Apple no longer has that key escrowed, cannot help with account recovery, and can no longer give out a key they don't have.