This is not true. Don't spread FUD. Apple does not have the ability to read your messages. All messages stored on their servers are encrypted with keys that live only on the phone.
iMessage doesn't store your decryption keys on Apple's servers unless you opt into iCloud backup which is a whole different service and security concern.
Most people use iCloud backup. Even if you don't, your messages are still sent to Apple by the recipient. And Apple prohibits third party backup services.
> Apple does not have the ability to read your messages.
iCloud backup is an Apple service and it has the ability to read most of your messages even if you don't use it, which makes this statement categorically false.
This is both true and false. Apple stores keys on the device so they can't read your old messages, but say they want to start reading messages of a particular user, they can simply issue a new key and store it on the device and the server and start decrypting the new messages using it.
This is why WhatsApp for example notifies users when the key of the recipient changes, and they give you a way of verifying that the both keys at both ends are identical.
Tuxer said "keys," not "your decryption keys." Apple distributes the public keys that each party encrypts their message with, and they route the encrypted messages through their servers. They can trivially eavesdrop on conversations by simply providing a key from a key pair they generate to a participant and reencrypting messages using the other parties' public keys after deciphering the messages.
Yes, it does. The messages are 'end to end' encrypted in the iMessage service, but then iMessage backs up its encryption key in the iCloud backup service, defeating the point.
"If you have iCloud Backup turned on, your backup includes a copy of the key protecting your Messages. This ensures you can recover your Messages if you lose access to iCloud Keychain and your trusted devices."
I think this article is a bit over my head, but if Apple never has possession of users' private keys, how are they able to recover iMessage conversations when a phone is lost/stolen (which I know they can do)?
bananabreakfast|6 years ago
iMessage doesn't store your decryption keys on Apple's servers unless you opt into iCloud backup which is a whole different service and security concern.
modeless|6 years ago
> Apple does not have the ability to read your messages.
iCloud backup is an Apple service and it has the ability to read most of your messages even if you don't use it, which makes this statement categorically false.
hashbig|6 years ago
This is why WhatsApp for example notifies users when the key of the recipient changes, and they give you a way of verifying that the both keys at both ends are identical.
sneak|6 years ago
https://www.reuters.com/article/us-apple-fbi-icloud-exclusiv...
lern_too_spel|6 years ago
https://threatpost.com/apple-imessage-open-to-man-in-the-mid...
xyproto|6 years ago
dgcupps|6 years ago
https://support.apple.com/guide/security/how-imessage-sends-...
modeless|6 years ago
"If you have iCloud Backup turned on, your backup includes a copy of the key protecting your Messages. This ensures you can recover your Messages if you lose access to iCloud Keychain and your trusted devices."
https://support.apple.com/en-us/HT202303
chance_state|6 years ago