Appleâ€™s iMessage service uses secure end-to-end encryption. This ensures only you and the person youâ€™re talking to can see your messages. But thereâ€™s a big privacy hole in iMessage, and itâ€™s named iCloud. Hereâ€™s what you need to know.
iMessage Uses End-to-End Encryption to Send and Receive Messages
Appleâ€™s iMessage for iPhone, iPad, and Mac always uses end-to-end encryption. Only the sender and receiver of the messages can see their contents.
Photos, videos, and other file attachments are also encrypted. Whatâ€™s more, Appleâ€™s FaceTime service also uses end-to-end encryption for voice and video calls, too.
This means that Apple and its employees cannot see the contents of the iMessages youâ€™re sending and receivingâ€”even if they wanted to.
So far, so good. But thereâ€™s a big â€œgotchaâ€� here.
iCloud Backups Are Enabled by Default and Arenâ€™t E2E Encrypted
If you have iCloud Backups enabled on your iPhone or iPadâ€”and most people doâ€”then thereâ€™s a big hole in the normally secure, end-to-end encryption.
With either iCloud Backup or Messages in iCloud enabled, your iCloud messages are encrypted, then backed up to iCloud and stored on Appleâ€™s servers. However, Apple receives a copy of the key that is used to encrypt that backup.
In other words: Apple and its employees could technically access the contents of your iMessage backups on Appleâ€™s servers. The backups arenâ€™t end-to-end encrypted. If Appleâ€™s servers were compromised or someone else gained access to your iCloud account, they could see the contents of your messages. This also means that Apple could turn over the contents of your iMessage history if compelled to by a government.
Of course, even iMessage is much better than traditional text messages. SMS messages arenâ€™t even private or secure when youâ€™re sending and receiving them! Your cellular carrier can see their contents.
Why Arenâ€™t iCloud Backups End-to-End Encrypted?
There are several reasons why Apple doesnâ€™t use end-to-end encryption for backups.
First, this provides more protection for average people who lose their passwords. If you lose your Apple ID password and go through Appleâ€™s password recovery process, you can regain access to all your data, including your iMessage backups. With end-to-end encryption, Apple could give you access to your accountâ€”but if you lost your password, you would never be able to access those backups again.
In this way, end-to-end encrypted backups are less user-friendly. Imagine explaining to a bunch of Apple customers that, actually, they can never access their data again because they forgot their passwords. To implement an account recovery process that doesnâ€™t lose data, Apple must have the key that unlocks those backups.
Itâ€™s fair to ask, however, why Apple doesnâ€™t at least offer end-to-end encryption as an option for backups. Perhaps there could be an advanced option that encrypts them behind a big warning message.
According to a report in Reuters from January 2020, Apple was planning to offer end-to-end encryption for iCloud backups. However, the company dropped plans to let its users fully encrypt backups after the FBI complained that this would make it more difficult for law enforcement to get iPhone usersâ€™ data.
How to Ensure That Apple Canâ€™t See Your iMessages
If youâ€™re concerned about this, and you donâ€™t want your iMessages sitting on Appleâ€™s servers without the end-to-end encryption they normally have in transit, you can stop this from occurring by disabling the iCloud for your Messages app.
Warning: This is a tradeoff. In the future, you wonâ€™t be able to restore your Messages from iCloud if you disable iCloud backup for iMessage.
On an iPhone or iPad, go to Settings > [Your Name] > iCloud. Disable the â€œMessagesâ€� option here to stop storing your iMessage history in iCloud.
You can also do this on a Mac. On a Mac, open the Messages app. Click Messages > Preferences, click â€œiMessage,â€� and uncheck the â€œEnable Messages in iCloudâ€� checkbox.
Of course, people you talk to on iMessage likely have iCloud Backups enabled for iMessage on their own account, even if you donâ€™t. This means that your messages may be stored on Appleâ€™s serversâ€”in the other personâ€™s iCloud backup, of course. To prevent this from happening, consider switching to a secure messaging app that doesnâ€™t back up to iCloudâ€”like Signal.
Doesnâ€™t Your iPhone Back up Signal Data to iCloud, Too?
Of course, iMessages arenâ€™t the only thing that your iPhone backs up to iCloud. It backs up the local data many other apps are storing, tooâ€”if you have iCloud Backup enabled.
Some other secure, end-to-end encrypted messaging apps get around this concern by just not backing up your messages to iCloud.
For example, the secure messaging app Signal does not back up your message history to iCloud, as Signalâ€™s support site explains. It is always stored locally on your device. You can transfer messages from one iPhone to a new iPhone, but itâ€™s a process that moves messages to a new iPhone and deletes them from your old one.
If youâ€™ve wiped or lost, or just donâ€™t have your old iPhone, you canâ€™t move your messages to a new device. Thatâ€™s the ideaâ€”Signal is designed with privacy and security in mind. It may be less convenient to keep your message history forever, but that protects your privacy.
How to Make Encrypted iPhone Backups
By the way, you can make encrypted backups of your iPhone. You just canâ€™t do it with iCloud. If you have a Windows PC or Mac, you can connect your iPhone (or iPad) to your computer with a USB cable and back up to a local file via iTunes (on Windows) or Finder (on Mac).
Check the â€œEncrypt Local Backupsâ€� option to secure your local backup with a password.
If you lose your iPhone or have to erase it, you can restore this encrypted backup on a new iPhone. This will move your iMessage history to your new device without it being stored on Appleâ€™s servers.
The post Appleâ€™s iMessage Is Secure â€¦ Unless You Have iCloud Enabled appeared first on TechFans.