- backing up your iMessages: https://support.apple.com/en-us/HT207428
- not being end to end encrypted: https://support.apple.com/en-us/HT202303
It's listed as being "encrypted in storage" and "encrypted in transit", which is a fancy way of saying "we use encrypted disks and TLS, all of which we have the keys for".
Further down on the page, they have a list of things that are end-to-end encrypted. iCloud Backups are not in that list.
It's not a secret.
On the other hand it’s true that iCloud backups are not encrypted. That’s a major problem. Worse in many ways since all your private documents, tax returns etc, are in there too.
But let’s not lie about iMessage not being end to end encrypted. It certainly is.
The problem is that the end is then backed up to an unencrypted disk.
These two things are not equivalent. In one instance Apple can be compelled to provide access. In the other instance any man in the middle can intercept.
Please - there are real problems to criticize Apple for. Let’s not muddy the water with lies.
No way to show from proprietary crap that whatever potentially bogus encryption iMessage clients pretend to have isn't bypassed on the server side. And Apple has historically been hostile to user privacy.
Users are the weakest link on the chain. They should be pre-emptively defended. Not the trillionaire companies. They should have the burden to prove - by providing the source and reproducible builds to their paying customers.
It also backs up the device's iMessage keys, to Apple via the network, automatically, using Apple keys. That's called key escrow.
The plaintext message content backup bypasses the end-to-end encryption entirely, providing the service-in-the-middle with complete plaintext.
Apple is the only "man in the middle" for iMessage - all encrypted iMessages transit their servers (using TLS, separate from the iMessage message encryption). Apple, via software changes, has gained possession of the user's iMessage key, and the message is no longer opaque to them when relaying it, and it is not end-to-end encrypted. The party in the middle (Apple) can read all of the messages, just as if it were two different TLS sessions to each user with no encrypted payload (the way most non-e2e messaging is implemented).
Alternately, if Apple, via software changes, has caused the plaintext message content to be relayed back to Apple post-decryption, it is no longer end-to-end encrypted, as the service in the middle is no longer zero-knowledge, and has come into possession of the plaintext.
If that's not a backdoor, I don't know what is.
EDIT: (responding to comment below, throttled)
> Messages in iCloud also uses end-to-end encryption. If you have iCloud Backup turned on, your backup includes a copy of the key protecting your Messages. This ensures you can recover your Messages if you lose access to iCloud Keychain and your trusted devices. When you turn off iCloud Backup, a new key is generated on your device to protect future messages and isn't stored by Apple.
So if you have "Messages in iCloud" enabled, it backs up your iMessage encryption key (Apple already has the ciphertext from the iMessage service). If you have "Messages in iCloud" disabled, it backs up the plaintext of the messages themselves from your device.
In both cases, Apple can read all of your iMessages, either because their software on your device gave them the key (iCloud Backup=on, Messages in iCloud=on), or because their software on your device gave them the plaintext (iCloud Backup=on, Messages in iCloud=off).
Is messages in iCloud on by default? I remember being asked.
Unless you are 100% certain that everyone you iMessage with has also done this, your conversations are still not reliably private.
Even then, Apple can silently inject additional escrowed wiretap keys into the keylist for one or both participants, although this is an active attack and can be detected by monitoring changes to the keylist for a given phone number or Apple ID provided by Apple's iMessage APIs.
What I was trying to say is that Apple is trying to make it as easy as possible for people to recover their messages, because this covers most peoples' threat models, which do not include protecting data from subpoena. Signal is great technology but the fact is it doesn't sync messages between devices because they haven't figured out how to do that in a way that's fully secure. This is a feature that tons of iPhone users want and are not willing to sacrifice for higher security. What am I missing?
But is this problem a problem just at the personal level? The big problem lies at a societal level. And does it then help that a few computer hackers are informed enough to make an important (and crippling) technical decision?
Is just conjecture about something they could do, or is there some evidence that they have done this?