End to end encryption. The server doesn't get to see the data, so there is no chance to analyze/filter it on the way. All the parsing and sandboxing has to happen on user devices... and there's always one more bug left to exploit there, especially in a legacy codebase like iMessage.
This is one of the unfortunate downsides of E2EE: there is no way to do server side security on message contents, so you rely entirely on endpoint security. For a non-E2EE service it would be trivial to scan for, collect, and more easily block exploitation attempts.
This is one of the unfortunate downsides of E2EE: there is no way to do server side security on message contents, so you rely entirely on endpoint security. For a non-E2EE service it would be trivial to scan for, collect, and more easily block exploitation attempts.