top | item 27808579

(no title)

The encryption/decryption keys for your iMessages are stored with Apple, and are accessible to them. If you have iCloud Backup enabled, Apple–and thus law enforcement–can in fact decrypt them.

A while back, Apple was aiming to transition to store iMessage backups using a more secure method; ie. the same method that some other content such as Health data is stored, which uses encryption keys derived using local info such as your macOS or iOS password. The FBI requested Apple not to make this change, and Apple complied.

Apple runs a great PR game when they talk about privacy, but the reality is nowhere near the same. Some things are fully encrypted so that Apple cannot decrypt, while other things are not safe to store with them. iMessage falls into the latter bucket.

Source: https://support.apple.com/en-us/HT202303

discuss

easton|4 years ago

Note that (based on that article), you can disable iCloud Backup and leave Messages in the Cloud enabled, which results in your messages being backed up but the key to decrypting them not being backed up. IIRC, this also results in the key your device uses to decrypt your messages being regenerated so Apple can't go into your backups and pull it out.

I disable iCloud Backup because there isn't much that is useful in there that isn't under one of the other checkboxes (Photos is separate, Health is separate, Messages is separate), so my messages should be safe?

developer2|4 years ago

Yes, you've got it right.

wintermutestwin|4 years ago

There is a huge difference between handing over your messages to a law enforcement agency and using your messages to build detailed advertising profiles of you and then selling you to anyone who will pay.

I am not saying that to necessarily advocate for the former, but rather to point out that the latter is the focus of Apple's "PR game"