iMessage on iCloud end-to-end encryption?

hehe299792458

macrumors 6502a
Original poster
Dec 13, 2008
742
1
Have there been any updates on whether iMessages on iCloud will be protected by end-to-end encryption (i.e. where Apple doesn't have the keys and won't be able to read even the cloud-stored messages)? I found this quote, but it's not very specific:

“Our security and encryption team has been doing work over a number of years now to be able to synchronize information across your, what we call your circle of devices—all those devices that are associated with the common account—in a way that they each generate and share keys with each other that Apple does not have.”

“And so, even if they store information in the cloud, it’s encrypted with keys that Apple doesn’t have. And so [users] can put things in the cloud, they can pull stuff down from the cloud, so the cloud still serves as a conduit—and even ultimately kind of a backup for them—but only they can read it.”
https://pxlnv.com/linklog/improving-imessage-encryption/
 

ajiuo

macrumors 65816
Apr 9, 2011
1,125
626
I think this feature just kicked on overnight. My iPhone now has a ton of old conversations that it must have gotten from other devices... they were not here when I went to bed.
 

gsmornot

macrumors 68040
Sep 29, 2014
3,271
2,892
I think this feature just kicked on overnight. My iPhone now has a ton of old conversations that it must have gotten from other devices... they were not here when I went to bed.
Same here. It shows a sync was completed at 1AM local time. Side note, I have all of my devices set for 30 day removal but still see messages from a year ago. Wonder which device will control the time messages hang around.
 

lah

macrumors 6502
Mar 22, 2010
291
188
I wonder if there was an iMessage issue last night. I'm still running iOS 10 but I had issues syncing messages between my devices. My iPad was fine but my phone was not getting iMessages last night and this morning. It seems to be better now -- I did get a flood of missed conversations about an hour ago on my phone.
 

Krevnik

macrumors 68040
Sep 8, 2003
3,548
813
Have there been any updates on whether iMessages on iCloud will be protected by end-to-end encryption (i.e. where Apple doesn't have the keys and won't be able to read even the cloud-stored messages)? I found this quote, but it's not very specific:
Yeah, that's a fair question to ask. The post is written by someone who hasn't paid attention to WWDC. So it's not a great resource. The iMessages sync feature should have the messages encrypted in transit to Apple and at rest while at Apple.

However, the iCloud backups are a different thing entirely, and I haven't seen anything new on that front. Since Apple hasn't mentioned it, I'd assume that iCloud backups are as they were in iOS 10.
 

Gav2k

macrumors G3
Jul 24, 2009
9,217
1,606
The simple answer is yes.

iCloud data is encrypted for a start.

iMessage has end to end encryption.

Why would you think it was any different?

The failing factor 99.9% of the time is the human one.
 

Krevnik

macrumors 68040
Sep 8, 2003
3,548
813
iCloud data is encrypted for a start.
Except it's not encrypted in such a way to prevent access by third parties. Apple holds copies of the keys for the data at rest on their servers.

They've been getting better, but iCloud Drive, iCloud Photos, and iCloud Backups are definitely not on the same level as iMessages or Keychain are.
 

Gav2k

macrumors G3
Jul 24, 2009
9,217
1,606
Except it's not encrypted in such a way to prevent access by third parties. Apple holds copies of the keys for the data at rest on their servers.

They've been getting better, but iCloud Drive, iCloud Photos, and iCloud Backups are definitely not on the same level as iMessages or Keychain are.
So what if they hold keys? At the end of the day, unless you're part of some criminal organisation or under investigation for something nasty, Apple will protect that data!
 

AVonGauss

macrumors 6502
Oct 6, 2006
274
42
Boynton Beach, FL
iCloud data is encrypted for a start.
Yes and no, look at it this way... If you can access your data from a vendor's website (i.e. Apple), then they either have the intentional in-built ability or a relatively easy path to access your data with or without your consent.
 

Krevnik

macrumors 68040
Sep 8, 2003
3,548
813
So what if they hold keys? At the end of the day, unless you're part of some criminal organisation or under investigation for something nasty, Apple will protect that data!
It's not just about governments though (let alone yours). If I hold keys to millions of users, that makes me a tempting target. And just one failure to prevent a breach is enough to allow an awful lot of damage. Limiting that damage is a good thing. Nor are all governments of the world my friend. Even assuming the one that has direct power over me is, that's no guarantee any foreign government is.

But if I'm being honest, the US and UK are surveillance happy enough these days that the surveillance is not nearly as discriminate as it was at the turn of the century. If it was, I wouldn't care too much. But since it is becoming more indiscriminate, I'd much rather make them work for it, thanks.
 

hehe299792458

macrumors 6502a
Original poster
Dec 13, 2008
742
1
aside from the philosophical arguments over the usefulness of end-to-end encryption, does anyone know if Apple implemented it in regards to iMessages sync'ed via iCloud?
 

Feenician

macrumors 603
Jun 13, 2016
5,222
4,956
aside from the philosophical arguments over the usefulness of end-to-end encryption, does anyone know if Apple implemented it in regards to iMessages sync'ed via iCloud?
IIRC Craig talked about the challenges they faced doing that at the post-WWDC Gruber talk.
 

genevan

macrumors newbie
Aug 16, 2011
4
0
aside from the philosophical arguments over the usefulness of end-to-end encryption, does anyone know if Apple implemented it in regards to iMessages sync'ed via iCloud?
According to https://support.apple.com/en-us/HT202303 it is, with the following caveat about iCloud backups:

“End-to-end encryption provides the highest level of data security. Your data is protected with a key derived from information unique to your device, combined with your device passcode, which only you know. No one else can access or read this data.

....

“To use end-to-end encryption, you must have two-factor authentication turned on for your Apple ID. To access your data on a new device, you might have to enter the passcode for an existing or former device.

“Messages in iCloud also uses end-to-end encryption. If you have iCloud Backup turned on, your backup includes a copy of the key protecting your Messages. This ensures you can recover your Messages if you lose access to iCloud Keychain and your trusted devices. When you turn off iCloud Backup, a new key is generated on your device to protect future messages and isn't stored by Apple.”
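
A simplified model of the backup caveat in the support text quoted above, added here as an illustration; it is not Apple's implementation and not code from anyone in this thread. The toy cipher, the `Account` class, `provider_key`, and the assumption that an earlier backup blob stays on the server are all constructed for the example.

```python
import hashlib, hmac, os

def _xor_stream(key, nonce, data):
    # Toy stream cipher (HMAC-SHA256 in counter mode): illustration only.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, b"enc" + nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def seal(key, plaintext):
    nonce = os.urandom(16)
    ct = _xor_stream(key, nonce, plaintext)
    return nonce + ct + hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    # Returns the plaintext, or None when the key is wrong or the blob was altered.
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return _xor_stream(key, nonce, ct) if hmac.compare_digest(tag, good) else None

class Account:
    def __init__(self):
        self.messages_key = os.urandom(32)  # generated on-device, shared only between devices
        self.provider_key = os.urandom(32)  # assumption: key the provider holds for backups
        self.cloud_messages, self.cloud_backups = [], []  # everything stored server-side

    def send(self, text):
        self.cloud_messages.append(seal(self.messages_key, text))

    def set_backup(self, enabled):
        if enabled:  # the backup carries a copy of the Messages key
            self.cloud_backups.append(seal(self.provider_key, self.messages_key))
        else:        # new key for future messages, never uploaded
            self.messages_key = os.urandom(32)

def provider_readable(acct):
    # What someone holding provider_key plus the server-side data can decrypt.
    keys = {unseal(acct.provider_key, b) for b in acct.cloud_backups}
    plain = (unseal(k, m) for m in acct.cloud_messages for k in keys)
    return [p for p in plain if p is not None]
```

In this model the synced messages are unreadable server-side until a backup carrying the key exists, and rotating the key when backup is turned off protects only messages sent afterwards.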
 

cynics

macrumors G4
Jan 8, 2012
11,630
1,906
Yes and no, look at it this way... If you can access your data from a vendor's website (i.e. Apple), then they either have the intentional in-built ability or a relatively easy path to access your data with or without your consent.
That isn't true, at least not with iCloud.com (assuming your system isn't compromised and the certificate is legit). Your browser (or OS via APIs) is decrypting the data, making your browser the only viewable window to the data. iCloud.com uses TLS 1.2, plus Apple requires two-factor authentication (if active) for key generation. Without brute force they shouldn't have access to your data.
 