If you are an iPhone user, you and your friends probably use the Apple iMessage app for day-to-day communication. Apart from being intuitive and convenient, the app also provides end-to-end encryption to safeguard your conversations. By default, that encryption protects your messages from Apple’s eyes, too.
Last month, there was a report detailing the problem in the end-to-end encryption of WhatsApp. This time, I would like to take a closer look at another popular messaging platform: Apple iMessage.
By design, iMessage uses end-to-end encryption so that messages sent from one Apple device to another are viewable only by the sender and the recipient. Each party holds a unique “key” to open the “envelope” containing the message. As such, if someone intercepts the conversation, the message stays protected because they do not have the key.
Fundamentally, this end-to-end encryption works as expected. Only your connected devices and the Apple devices that receive your messages have the keys to unlock and read those messages. Law enforcement or any other third party cannot read your messages without access to your unlocked device, and neither can Apple.
*Note that only iMessages are encrypted; SMS texts are not (these show up as green bubbles in Messages instead of the standard blue).
Although messages are encrypted, they are not always encrypted. When we talk about data encryption, we consider three stages of data: data-in-motion, data-at-rest, and data-in-use.
In this case, iMessage primarily protects your messages as data-in-motion. However, most of us keep messages around in case we want to read them later; few of us delete texts as soon as they come in. That means the messages are stored on the device (data-at-rest) and may need to be backed up somehow.
Here comes the problem: how you back up your messages can be the difference between having a genuinely secure iMessage history and giving Apple the key to unlock all your conversations.
First of all, let’s talk about Messages in iCloud. As the name suggests, it backs up your messages to your account and syncs them across your connected Apple devices. So it’s handy for starting a chat on your iPhone and continuing it on your Mac or iPad, and it doubles as a reliable backup method (messages are stored locally among devices).
Second, iCloud Backup is for backing up the contents of your iPhone. An iCloud Backup can store many things, from app data to device settings, configurations, photos and videos, and, obviously, messages. The two aren’t mutually exclusive; you can use both at once. When you do, though, Apple keeps your message history separately from your device’s iCloud Backup.
As mentioned, messages kept in iCloud are end-to-end encrypted; that’s why there’s no way to access your texts on the web (as described above in end-to-end encryption, data-in-use), such as by logging in to icloud.com. However, there’s one big problem: your iCloud Backup, i.e., your data-at-rest, isn’t end-to-end encrypted.
Apple does this to provide a “backup” to your Backup, because Apple doesn’t want you to lose your data forever. Imagine that you forget your Apple ID password or your device’s unlock passcode, which means you have lost access to, or lost, the key stored on the device. As a result, the Backup would be inaccessible forever. That’s what would happen if iCloud backups, and the data inside, were end-to-end encrypted.
To prevent this, Apple stores the key to opening your encrypted messages within that Backup. In addition, Apple’s iCloud Data Recovery Service can retrieve any data backed up to iCloud that is not encrypted (most of your data). Many people are likely relieved when Apple “saves” their messages in this situation. But for those who are privacy-conscious, sadly, it is likely unsettling.
Apart from messages, information like Keychain, Screen Time, and Health data is included in the iCloud Backup that Apple has the key to decrypt. Fortunately, I cannot find any news or report claiming Apple has ever decrypted users’ messages and data using the keys they have stored in iCloud.
But that’s not the problem. Instead, the problem is the possibility that Apple could do so if they wanted to, or, even worse, when they are forced by order to share the key with law enforcement.
I want to extend the seriousness of the problem here: if there were a data breach within iCloud, hackers could acquire the key and thus your data, because, as you already know, the key is stored with the safe itself.
That’s pretty straightforward: don’t use iCloud Backup to store old texts. That said, you lose the convenience of recovery on any device (or, conversely, you give up your privacy when you choose comfort). On the other hand, your privacy is preserved, since your end-to-end encryption key and the rest of your messages are not stored in plaintext.
Of course, that doesn’t mean you can’t back up your messages. Messages in iCloud are still end-to-end encrypted, which implies that even though you’re saving those messages in the cloud, Apple doesn’t have the key to decrypt them.
If you are using iCloud Backup, you can turn it off by:
That means you need to wait half a year until you can be assured Apple no longer has the key to your messages on its servers. However, the good news is that once iCloud Backup is disabled, a new key is generated for future messages; from here on out, your new messages are protected.
If you want to use the secure Messages in iCloud feature to back up and sync your conversations, you can check its status from the iCloud settings page: the toggle next to Messages should be green.
If you want an alternative backup solution, you can:
Apple has an easy-to-follow guide for backing up data locally.
If you want to enhance the availability of your Backup (in case the local copies are corrupted or lost), you can encrypt those backups before you upload them to iCloud or other storage services. But remember to keep the encryption key safe and secure (whether it is a password, certificate, or token).
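One way to encrypt a local backup folder before uploading it, as an added example that is not from the original article: the function names and paths are hypothetical, and it assumes tar and OpenSSL 1.1.1 or later. `openssl enc` gives confidentiality only, so the script also records a SHA-256 digest to catch a corrupted copy; that digest does not protect against someone who can replace both files.

```shell
#!/bin/sh
# Added example; function names and paths are hypothetical.
# Requires tar and OpenSSL 1.1.1 or later (for -pbkdf2).

# make_key KEY_FILE: random passphrase, readable only by the owner.
# Keep this file apart from the encrypted archive (never upload both).
make_key() {
    ( umask 077 && openssl rand -base64 32 > "$1" )
}

# encrypt_backup SRC_DIR OUT_FILE KEY_FILE
# Archives SRC_DIR and encrypts it with AES-256 (key derived via PBKDF2).
# Also writes OUT_FILE.sha256 so corruption can be spotted without the key.
encrypt_backup() {
    [ -d "$1" ] || return 1
    tar -czf - -C "$1" . |
        openssl enc -aes-256-cbc -pbkdf2 -iter 600000 -salt \
            -pass "file:$3" -out "$2" || return 1
    openssl dgst -sha256 -r < "$2" | cut -d' ' -f1 > "$2.sha256"
}

# check_backup ENC_FILE: true only if the file still matches its digest.
check_backup() {
    [ "$(openssl dgst -sha256 -r < "$1" | cut -d' ' -f1)" = "$(cat "$1.sha256")" ]
}

# restore_backup ENC_FILE KEY_FILE DEST_DIR
# Fails on a digest mismatch, a wrong key, or an unreadable archive.
restore_backup() {
    tmp=$(mktemp) || return 1
    rc=1
    if check_backup "$1" &&
        openssl enc -d -aes-256-cbc -pbkdf2 -iter 600000 \
            -pass "file:$2" -in "$1" -out "$tmp" 2>/dev/null &&
        mkdir -p "$3" && tar -xzf "$tmp" -C "$3" 2>/dev/null
    then
        rc=0
    fi
    rm -f "$tmp"
    return "$rc"
}

# Usage (constructed paths):
#   make_key ~/backup.key
#   encrypt_backup ~/iphone-backup ~/iphone-backup.enc ~/backup.key
```

Only the `.enc` file and its `.sha256` belong in cloud storage; the key file stays somewhere else, so the key is not stored with the safe.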
You can take the steps above to make sure that the messages on your side are end-to-end encrypted. But you need to know that most of us do not talk to ourselves using the messaging platform; we speak to someone else.
You can’t control the actions of everyone you text. Thus, there’s no way to know if the person you are texting has iCloud Backup enabled. And if they do, that would give Apple the encryption key to all the messages you sent that person.
Moreover, even if you know the messages never leave the devices of the people involved in the conversation, or, even better, you use messaging apps like Signal to send self-deleting messages, nothing stops other people from taking photos of your discussions or handing their device over to another party.
This is what we are facing: the problem of trust versus the control of our privacy. But we should do our best to control the data within our reach and encourage those around us to employ privacy practices and cyber hygiene.
Thank you for reading. May InfoSec be with you🖖.