Is Apple iMessage End-to-End Encrypted? It Depends
Apple’s iMessage, the messaging system behind the Messages apps on iOS, macOS, iPadOS, and watchOS, is often labeled as end-to-end encrypted. End-to-end encryption (E2EE) means that only the sender and recipient can view the content of messages; even the provider of the messaging infrastructure can’t see the content of the messages.
Simply labeling iMessage as end-to-end encrypted is overly simplistic, however. The truth is more complicated.
Apple’s iCloud security overview states,
a. Standard data protection: Messages in iCloud is end-to-end encrypted when iCloud Backup is disabled. When iCloud Backup is enabled, your backup includes a copy of the Messages in iCloud encryption key to help you recover your data. If you turn off iCloud Backup, a new key is generated on your device to protect future Messages in iCloud. This key is end-to-end encrypted between your devices and isn’t stored by Apple.
b. Advanced Data Protection: Messages in iCloud is always end-to-end encrypted. When iCloud Backup is enabled, everything inside it is end-to-end encrypted, including the Messages in iCloud encryption key.
Apple’s Security of iCloud Backup states,
With standard data protection, Messages in iCloud is end-to-end encrypted when iCloud Backup is turned off. When iCloud Backup is turned on, the backup includes a copy of the Messages in iCloud encryption key so Apple can help the user recover their messages even if they have lost access to iCloud Keychain and their trusted devices. If the user turns off iCloud Backup, a new key is generated on their device to protect future Messages in iCloud. The new key is stored only in iCloud Keychain, only accessible to the user on their trusted devices, and new data written to the container can’t be decrypted with the old container key.
With Advanced Data Protection, Messages in iCloud is always end-to-end encrypted. When iCloud Backup is turned on, everything inside it is end-to-end encrypted, including the Messages in iCloud encryption key. The iCloud Backup service key, as well as the Messages in iCloud container key are both rolled when the user turns on Advanced Data Protection. For more information, see the Apple Support article iCloud data security overview.
In other words, if you’re not using Advanced Data Protection and you have iCloud Backup enabled on any device where you use iMessage, the key that decrypts your messages is included in the backup stored on Apple’s servers, and Apple holds the keys to that backup. Note that in the Data categories and encryption section of the Apple iCloud security overview, the type of encryption under Standard data protection for iCloud Backup (including device and Messages backup) is listed as In transit & on server, not End-to-end; “on server” encryption protects the data at rest, but with keys Apple controls. Under Advanced Data Protection, it’s End-to-end.
If you’re not using Advanced Data Protection, and Apple wanted to, it could read your backup, get your key, and use it to decrypt your messages. It could also provide the key to any government or other party it chose to.
So, if you don’t want Apple (or other entities) to be able to read your iMessages, you need to enable Advanced Data Protection or disable iCloud Backup on all devices where you use iMessage.
Of course, even that is a bit simplistic: the people you message probably have iCloud Backup enabled without Advanced Data Protection, so copies of the messages you send them land in their backups and could be accessible to Apple regardless of your own settings.
If you disable iCloud Backup on your iPhone, I highly recommend that you back up your phone another way, such as to your Mac or, if you have a Windows PC, to iTunes, and that you choose the option to encrypt the local backup so its contents are protected with a password only you hold.
Because many Apple device owners won’t bother to use a secure messenger such as Signal, and instead stick to the default iMessage, I appreciate that iMessage is more secure and private than plain SMS (text) messaging. Still, I wish iMessage were truly end-to-end encrypted by default, regardless of whether iCloud Backup is enabled.