How Secure is iMessage?
Can Apple and/or law enforcement read your messages?
Of all large tech companies, Apple seems to have a pretty good track record of respecting and protecting the privacy of their users. But, iMessage in particular may be a different story.
Before I continue, it’s important to mention that this only applies to iMessage itself, which is currently only used when sending from one Apple device to another. Messages sent via SMS (e.g. to an Android device) are not end-to-end encrypted at all.
First of all, Apple states that iMessage and FaceTime use end-to-end encryption:
We use end-to-end encryption to protect your iMessage and FaceTime conversations across all your devices. With watchOS and iOS, your messages are encrypted on your device so that they can’t be accessed without your passcode. We designed iMessage and FaceTime so that there’s no way for us to decrypt your data when it’s in transit between devices.
Well, Apple seems off to a good a start by specifically stating they can’t decrypt your data in transit even if they wanted to. At rest is a different matter, but more on that later. For now, it’s important to have at least a basic understanding of how end-to-end encryption works (it’ll all make sense in a bit, I promise). I actually have an entire post on the how end-to-end encryption works, but here’s the gist of it:
Symmetric and Asymmetric Encryption
There are two main types of encryption: symmetric and asymmetric.
With symmetric encryption (e.g. AES), one key is used to both encrypt and decrypt the information being sent. While this is the faster of the two, there’s also an obvious problem with it: it requires that both the sender and recipient know the key ahead of time. Pretty much the only way to do this (without meeting in person) would be to send the encrypted key itself without encryption. All subsequent messages could then be encrypted with that key and as long as no one intercepted the first message containing the key, all messages are reasonably secure. However, this is obviously not ideal in the modern era.
Asymmetric encryption (e.g. RSA), on the other hand, takes a different approach. Two keys are generated: one the public key and the other the private key. Data encrypted with one key can only be decrypted with the other key. Generally speaking, the public key is used for the encryption while the private key is used to decrypt data encrypted with the public key, although it technically also works the other way around. The public key is called the public key for a reason; it can be on the internet for all to see without the security being compromised at all. As long as the private key remains private, everything’s fine.
So, sending a simple end-to-end encrypted message would look something like this:
- An asymmetric cipher is used to generate public and private keys.
- The public key of each user is stored on a server.
- The sender pulls the public key of the recipient from the server.
- The sender uses the public key to encrypt the message.
- The sender sends the encrypted message.
- The recipient pulls the message from the server and decrypts it with their private key.
As you can see, only the public key is ever sent to a server. Even if the company hosting that server wanted to decrypt a message for some reason, they wouldn’t be able to.
Apple states that they can’t decrypt FaceTime or iMessage while in transit, which is true. But, they put the “in transit” bit in there for a good reason; they can technically read your messages when they’re not in transit.
You’ll notice that on their iCloud security overview, iMessage isn’t mentioned until you reach the bottom of “End-to-end encrypted data” section. Let’s go over it piece by piece:
Messages in iCloud also uses end-to-end encryption. If you have iCloud Backup turned on, your backup includes a copy of the key protecting your Messages.
Remember how end-to-end encryption is only really end-to-end when the private key is kept private (i.e. only on your device)? Well, Apple sort of backs that key up (if you have iCloud Backup enabled) to their servers. So, in theory, if Apple wanted/was forced to read your messages, they could. I don’t know why Apple in particular would want to, but that’s not really the concern. The concern is whether or not it’s possible for someone to read your messages, which it unfortunately is. Even if you don’t have anything to hide, it is nice to know that super embarrassing auto-correct mishap is only between you and the recipient(s) of the message.
Now, in defense of Apple, they do have a pretty legitimate reason for storing data the way they do:
This ensures you can recover your Messages if you lose access to iCloud Keychain and your trusted devices.
I think the general idea is that if your only Apple device is an iPhone which gets destroyed, and you forget your iCloud password, there is still a way to recover your data. However, if you don’t want Apple to have any way to read your messages, you can turn off iCloud Backup:
When you turn off iCloud Backup, a new key is generated on your device to protect future messages and isn’t stored by Apple.
Keep in mind this will only turn off iCloud Backup for you, not your recipients. So, if your recipients still have iCloud Backup turned on, Apple can still technically read your messages. Remember that once information is stored one way, it will still be stored that way until it’s permanently deleted. So, even if you and your recipients turn off iCloud backup, everything up to that point can still be read by Apple.
It’s not like Apple doesn’t encrypt your data at all; they do. It’s just that Apple can decrypt the data that isn’t end-to-end encrypted. An even bigger concern, in my opinion, is that Apple doesn’t own all of the servers they use. They’re also using other IaaS (Infrastructure as a Service) providers to host their services and store their data. That includes Google’s and Amazon’s offerings, the former of which is more concerning. Luckily, in this case, Apple does have you covered:
In some cases, your iCloud data may be stored using third-party partners’ servers…but these partners don’t have the keys to decrypt your data stored on their servers.