Administrative Note

This post was updated on 2021 August 1 with more information and clarification about iCloud Backup vs. Messages in iCloud.

Context

This post brings nothing new to the conversation, but I thought it was worth having a post about it.

Apple sells a lie that iMessage is very private because messages sent over the Internet to other iMessage users (the messages with the blue bubbles) are end-to-end encrypted.

Apple's "End-to-End Encryption"

Let's talk about what "end-to-end encryption" actually means.

E2EE is when the sender of a message (let's call them Alice, she/her) encrypts a message such that only the recipient (let's call them Bob, he/him) can decrypt it. When Alice, an iPhone user, sends a message to Bob, also an iPhone user, using iMessage, Alice encrypts the message and sends it to Apple's servers. Apple's servers route the message to Bob's phone, but they do not decrypt the message. When Bob receives the message from the Apple server, he decrypts it.

Technically, this is end-to-end encryption, as the message was encrypted at one end (Alice) and decrypted at the other (Bob)...

...but there's another step which nullifies the end-to-end encryption: Alice doesn't only send the message encrypted to Bob; she also stores an unencrypted copy with Apple's iCloud. Bob does the same. (See below for more info.) Alice and Bob make a show of using "end-to-end encryption" to protect the message from the company; then they immediately turn around and give the message to that same company.

Encryption is like an envelope which protects your letters from being read by the post office. Imagine if Alice brought her letter to the post office, asked a post office employee to digitize the letter and save it in the post office's central database, then put the letter in an envelope so that postal carriers wouldn't be able to read it. Imagine also that when Bob received this letter in its envelope, he removed the envelope and offered it to the post office to digitize and store. Why bother with the envelope, if you give the letter to the post office anyway?

Now, it should be said, this action is optional for both Alice and Bob. Neither of them is required to provide a copy of their correspondence to Apple or the post office. But by default, everyone does it, and they both have to manually opt out to prevent Apple from having a copy of their messages.

For iMessage to be meaningfully end-to-end encrypted, all parties in a conversation must take action to manually disable iCloud Backup.

(Even if all parties turn off iCloud Backup, you shouldn't trust Apple's E2EE implementation, but that's a matter for a different post.)

More info and sources...

Let's justify this claim with Apple's own iCloud security overview...

First, note that "Backup" is encrypted in transit and on server, but it is not listed in the "End-to-end encrypted data" section.

As we can see from What does iCloud back up?, iCloud Backup includes "iMessage, text (SMS), and MMS messages". These two facts together mean that when iCloud Backup is enabled, Apple can read your supposedly "end-to-end encrypted" iMessage messages.

Apple claims this is a default for account recovery purposes, but the decision was likely made at the behest of the FBI.

What about Messages in iCloud?

The iCloud security overview also says...

Messages in iCloud also uses end-to-end encryption. If you have iCloud Backup turned on, your backup includes a copy of the key protecting your Messages.

This means that if you have both iCloud Backup and Messages in iCloud enabled, your backup includes the decryption key for your messages (giving Apple the ability to decrypt your messages). This is called key escrow.

(Huge thank you to Chris Hoffman from How-To Geek for clarifying this matter!)

To make it abundantly clear (because Apple makes it confusing):

1. iCloud Backup and Messages in iCloud are two different things.
2. iCloud Backup is enabled by default.
3. If iCloud Backup is enabled (regardless of Messages in iCloud), Apple can read your messages.

Here's a table to illustrate this: