[sneak]

iMessage histories are backed up in the nightly automatic non-e2ee iCloud Backup, effectively backdooring iMessage’s “end to end encryption” by escrowing the plaintext to a not-endpoint.

Apple can read approximately everyone’s iMessages out of their backups. It’s not private or secure, and claiming it is end to end encrypted is misleading almost to the point of being actually false.

[jackson1442]

This is the same behavior as SMS if you have enabled “Messages backup.” If backup is not enabled you will not have a copy of iMessages stored in iCloud (though all compatible and configured devices will still receive messages).

This can be changed by opting in to the e2ee iCloud data service “Advanced Data Protection.”

[sneak]

Nope. Even opting into ADP, your iMessage conversations will still be backed up to Apple without e2ee - just from the non-ADP phones of all the people you iMessage with instead of your own phone.

iMessages are backed up in duplicate - once on the sender and once on the receiver. You can only control e2ee for half of it, so your conversations are still under surveillance unless everyone you message with has also turned on ADP.

[Cyphase]

Is there any E2EE messaging service, or network protocol of any sort, that doesn't suffer from this? If an endpoint is compromised in whatever way, it doesn't matter how encrypted the data is in transit.

[sneak]

Signal doesn’t have this problem.

By your terminology, all iOS devices are “compromised” by default from having non-e2ee iCloud Backup enabled by default.

Signal chats on iOS are stored in a storage class that cannot be backed up or exported from the device.

[saagarjha]

Which is, of course, often not what users actually want.

[sneak]

Users want their messages and iMessaged nudes to be private from Apple and warrantless FBI snooping. Presently, they aren’t.

[astrange]

That has nothing to do with turning it on or off since the same happens with SMS.

[error503]

Nobody remotely versed in this stuff would expect SMS to be end-to-end encrypted, though to be honest the more notable fact to me here is that Apple can read any plaintext in your backups. iMessage is an over the top messaging service more akin to WhatsApp or Signal than it is to SMS, so that is a more relevant comparison. I don't know if any of the clients store plaintext messages that would be backed up to Apple in a similar manner or not, but I'd hope at least the more security focused ones do not.

Apple makes privacy claims about iMessage including 'Apple can’t decrypt the data.', which is notably false in this (common) scenario, and requires a large asterisk on those claims, IMO bordering on making them unethical, period.

[ZekeSulastin]

Albeit recent and optional, isn’t that a hole specifically fixed by the Advanced Data Protection option[0]? Granted, it doesn’t do much if your recipients don’t also have it enabled.

0: https://support.apple.com/en-us/102651