So, what’s going on with iMessage? How come its end-to-end encryption can be compromised by Apple to access user content? Surely, messages are either end-to-end encrypted or they’re not—is that not the entire point?
But Apple can access iMessage content despite those messages being protected by the company’s end-to-end encrypted architecture. As Forbes reported earlier this year, Apple can decrypt and provide iMessages to law enforcement when required.
While many argue that breaking end-to-end encryption to support law enforcement is justifiable, the problem is that any spare key or a backdoor is a security weakness. Content is either end-to-end encrypted or it’s not. It really is that simple. This is the debate now raging between governments and tech on the future of encryption.
“iMessage users may wrongly believe that their communication is private,” ESET’s Jake Moore warns, “but with access granted from just with a backup created, it somehow defeats its success in protection.” And he should know, as a former digital forensics police investigator. “Messaging platforms often mention privacy at the core of their design, but backdoor access can come from a small number of directions.”
In contrast to iMessage, Signal cannot provider user content, however forcibly it’s requested by governments or agencies. Even WhatsApp cannot break its own encryption, albeit cloud backups of WhatsApp chats can be accessed.
“Who polices those with the access to the backdoor?” Immersive Labs’ Sean Wright asks. “How do we ensure it’s not misused? Is it the process going to be transparent?”
When it comes to Apple, the situation is complex. Because with just a simple setting change on your phone, you make it impossible for Apple to access your iMessages, you vastly improve the security of all that private information.
The problem is cloud backups, of course. With WhatsApp, users can enable or disable a cloud backup to restore their chat histories if they lose or change their phones. Those backups are outside the platform’s end-to-end encryption. And while it seems that this may be fixed in some future release, right now the only option is to…