Apple’s iMessage service is one of the most secure messaging apps. It uses end-to-end encryption to send and receive messages.
Essentially this means that a secure key is applied to a conversation, and the contents of the key are only available to the message recipient. No one else, not even Apple, can access your end-to-end encrypted messages.
So how does iMessage encryption work and are there any loopholes to Apple’s iMessage text messaging protocol? Let’s find out.
How Does iMessage Encryption Work?
End-to-end encryption is a method of encoding data (messages or files). Only authorized parties can read or access that data.
It uses a complex algorithm called a cipher that makes the sent message unreadable. Once received, the message can be decrypted using a key provided by the sender of the message.
This means that third parties cannot see the conversation, and that even Apple itself is locked out of the process.
They will know there has been a text sent, but without the key to decrypt it, Apple or the mobile provider has no way of reading the message’s contents. This includes texts and any attachments.
Apple’s own claims are that it cannot access this data due to the unique encryption identifier. However, as recent events have shown, there is a bit of a caveat to this aspect. Read on to learn more.
While iMessages are end-to-end encrypted, there is a bit of a loophole that exists in terms of their iCloud backup storage. Before explaining the loophole, it’s important to point out why this loophole exists.
Why doesn’t Apple just use E2EE for everything?
Because Apple backs up all of the communication data into the iCloud service, it needs to make considerations for what happens when you forget your iPhone password. If that were to happen, and Apple is locked out of the loop entirely, they will not be able to assist you in password retrieval.
To have a recovery mechanism in place, Apple needs a way to unlock these backups. Once that is the case, it has access to the account and data.
Should you stop backing up your iMessages to iCloud?
So if you have iCloud Backups enabled on your iPhone or iPad, which most people do, then your end-to-end encrypted messages are not that secure anymore.
With iCloud Backup enabled, your iCloud messages are encrypted, then backed up to iCloud and stored on Apple’s servers. However, Apple receives a copy of the key that is used to encrypt that backup.
If you’re concerned about the security and privacy of your messages, all you need to do is stop backing up your iMessages to iCloud. The only issue with disabling the iCloud backup is that if you lose your phone, you’ll lose your data for good with no way to recover it. That’s the security trade-off you’ll need to make.
Apple and the FBI: Personal Privacy vs Public Safety
Additionally, as reported in early 2020, Apple was looking to offer an end-to-end encryption option for the iCloud backup. However, they had to back off the matter due to complaints from the FBI. The agency claimed it would make it impossible for them to procure evidence against iPhone-using suspects for their investigations.
This introduced a serious moral dilemma into the mix. It pitted the protection of user and customer privacy at any cost against the potential need to acquire information for tracking and stopping acts by nefarious actors.
There is also the wrinkle of accommodating totalitarian governments and dictatorships that make similar investigatory requests.
Of course, this also opens the possibility that if Apple backups get hacked, the intruders will be able to get your information as your encryption key is stored alongside your information in the backups. It’s a little like hanging a string with your key attached to the front doorknob of your otherwise locked front door.
Messages in iCloud vs iCloud Backups
iCloud backups are enabled by default, so any data from the device is saved to them, including your access key. Without it, Apple would not be able to retrieve your information if you’ve lost or forgotten your password.
iMessages in the iCloud, however, do not save the encryption key. That way they provide a more secure mode of communication, but this is the case only as long as the iCloud backups are disabled.
When they’re enabled, the messages are still encrypted, but not backed up. If you prefer to have iCloud Backups enabled, you can alternatively disable the iMessage in iCloud.
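The difference between ciphertext stored alone and ciphertext stored with a copy of its key can be shown in a few lines. This is an added example, not Apple's code or protocol: it is a simplified model of the key-alongside-backup situation described above, the cipher is a toy built from the Python standard library, and every name in it (seal, unseal, cloud_record, server_side_read) is hypothetical.

```python
import hashlib, hmac, secrets

def _subkey(key, label):
    # Derive separate encryption and MAC keys from one device key.
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # Toy stream cipher (HMAC-SHA256 in counter mode); illustration only,
    # not the cipher iMessage uses.
    stream = b""
    for ctr in range(len(data) // 32 + 1):
        stream += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, plaintext):
    # Encrypt-then-MAC: returns nonce || ciphertext || tag.
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(_subkey(key, b"enc"), nonce, plaintext)
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or modified ciphertext")
    return _xor_stream(_subkey(key, b"enc"), nonce, ct)

def cloud_record(device_key, messages, backup_enabled):
    """What ends up on the provider's servers in this simplified model."""
    record = {"ciphertexts": [seal(device_key, m) for m in messages]}
    if backup_enabled:
        # Assumption of the model: the key travels with the backup.
        record["key_copy"] = device_key
    return record

def server_side_read(record):
    """What anyone holding only the server-side record can recover."""
    key = record.get("key_copy")
    if key is None:
        return None  # ciphertext without a key is unreadable
    return [unseal(key, c) for c in record["ciphertexts"]]

if __name__ == "__main__":
    device_key = secrets.token_bytes(32)
    msgs = [b"see you at 7", b"running late"]  # constructed sample messages
    print(server_side_read(cloud_record(device_key, msgs, backup_enabled=True)))
    print(server_side_read(cloud_record(device_key, msgs, backup_enabled=False)))
```

With the key copy present, the server-side record alone yields the plaintext; without it, the same record is only ciphertext, and a wrong key fails the integrity check instead of producing garbage.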
How to Keep Your Messages Safe and Secure
Here are the two options to consider to have the most private and secure form of communication with Apple devices:
Option 1 – Disable Messages in iCloud on iPhone or iPad
Open the Settings app.
Under your Apple ID click the iCloud header.
Disable the Messages by dragging the toggle from green to grey.
Option 2 – Disable iCloud Backups on iPhone or iPad
Open the Settings app.
Under your Apple ID select the iCloud header.
Tap the iCloud Backup header.
Toggle the iCloud Backup from green to grey.
Confirm that you are disabling the iCloud Backup feature by tapping Ok on the pop-up prompt that follows.
iMessage is only one form of communication that you can use from Apple devices. There are many other third-party messaging apps (WhatsApp, Signal, etc.) that offer end-to-end encryption.
These apps will give you peace of mind so you don’t need to worry about losing your data if you forget your Apple ID or password.
You’ll still be able to access Backups and have no concerns about the messages because you’ll simply not be doing your communication through them.
If you like iMessages and the native conveniences of the Apple ecosystem, you’ll need to consider the trade-off between keeping Backups enabled or disabling iMessage.