iMessages are encrypted, but it's Apple who hands the client one or more public keys with which to encrypt them—and that's each time; there is no key pinning. They could easily hand you a public key whose private key they or another malicious party knows. See https://support.apple.com/en-us/HT202303 and especially page 58 of the linked https://www.apple.com/business/docs/iOS_Security_Guide.pdf.
No comments yet.