by mcny 847 days ago
I thought the fix was trivial - all I need to do is go to settings > my face >> icloud >>> show all >>>> messages and make sure the toggle is off?

Doesn't that stop iCloud syncing, at least on my end? I understand I can't control what happens on the other end of the conversation but that is all I need to do on my end, right?

2 comments

You either have to enable E2EE or disable both Messages in iCloud and device backups. Otherwise the device backups contain a copy of your messages.
The "Messages in iCloud" sync is end to end, so you can enable it and disable iCloud backup, or manually back up on your computer: https://support.apple.com/en-us/102651
Yeah, it is end to end encrypted, but the keys are part of your device's iCloud backup. So unless you turn on end to end encryption for that backup or disable it, Apple can access the keys required to decrypt the iMessage in iCloud messages.
I believe the reason iMessages aren't protected with iCloud Backup is because they're stored decrypted in the SQLite database iMessage uses, chat.db.
Correct. I was referring to the OP asking if Apple would ever fix E2EE not protecting, by default, Photos and Messages and so forth.
E2EE refers to transporting protocols and not data at rest, so the phrasing here is wrong.

If you choose to have some of your data in iCloud, it is transported and stored encrypted. However, one of the keys is escrowed in an HSM cluster for an audited recovery process.

This is how you go request that access be restored via technical support with Apple. This is also how surviving family members can get access to photos and the like (requiring a court order, at least in the US). Since they have the key, government entities can request access within the extent of their respective local laws.

If you turn on the Advanced Data Protection feature, Apple no longer has that key escrowed, cannot help with account recovery, and can no longer give out a key they don't have.