iMessage on iCloud end-to-end encryption?

Discussion in 'iOS 11' started by hehe299792458, Jun 23, 2017.

  1. hehe299792458 macrumors 6502a


    Dec 13, 2008
    Has there been any updates on if iMessages on iCloud will be protected by end-to-end encryption (i.e. where Apple doesnt have the keys and wont be able to read even the cloud stored messages)? I found this quote, but it's not very specific:
  2. ajiuo macrumors 65816

    Apr 9, 2011
    I think this feature just kicked on over night. My iPhone now has a ton of old conversations that it must have gotten from other devices... they were not here when I went to bed.
  3. gsmornot macrumors 68030


    Sep 29, 2014
    Same here. It shows a sync was completed at 1AM local time. Side note, I have all of my devices set for 30 day removal but still see messages from a year ago. Wonder which device will control the time messages hang around.
  4. lah macrumors 6502

    Mar 22, 2010
    I wonder if there was an iMessage issue last night. I'm still running iOS10 but I had issues syncing messages between my devices. My iPad was fine but my phone was not getting iMessages last night and this morning. It seems to better now -- I did get a flood of missed conversations about an hour ago on my phone.
  5. Krevnik macrumors 68040


    Sep 8, 2003
    Yeah, that's a fair question to ask. The post is written by someone who hasn't paid attention to WWDC. So it's not a great resource. The iMessages sync feature should have the messages encrypted in transit to Apple and at rest while at Apple.

    However, the iCloud backups are a different thing entirely, and I haven't seen anything new on that front. Since Apple hasn't mentioned it, I'd assume that iCloud backups are as they were in iOS 10.
  6. Gav2k macrumors G3


    Jul 24, 2009
    The simple answer is yes.

    iCloud data is encrypted for a start.

    iMessage has end to end encryption.

    Why would you think it was any different.

    The failing factor 99.9% of the time is the human one.
  7. Krevnik macrumors 68040


    Sep 8, 2003
    Except it's not encrypted in such a way to prevent access by third parties. Apple holds copies of the keys for the data at rest on their servers.

    They've been getting better, but iCloud Drive, iCloud Photos, and iCloud Backups are definitely not on the same level as iMessages or Keychain is.
  8. Gav2k macrumors G3


    Jul 24, 2009
    So what if they hold keys. At the end of the day unless your part of some criminal organisation or under investigation for something nasty Apple will protect that data!
  9. AVonGauss macrumors 6502

    Oct 6, 2006
    Boynton Beach, FL
    Yes and no, look at it this way... If you can access your data from a vendor's website (i.e. Apple), then they either have the intentional in-built ability or a relatively easy path to access your data with or without your consent.
  10. Krevnik macrumors 68040


    Sep 8, 2003
    It's not just about governments though (let alone yours). If I hold keys to millions of users, that makes me a tempting target. And just one failure to prevent a breach is enough to allow an awful lot of damage. Limiting that damage is a good thing. Nor are all governments of the world my friend. Even assuming the one that has direct power over me is, that's no guarantee any foreign government is.

    But if I'm being honest, the US and UK are surveillance happy enough these days that the surveillance is not nearly as discriminate as it was at the turn of the century. If it was, I wouldn't care too much. But since it is becoming more indiscriminate, I'd much rather make them work for it, thanks.
  11. hehe299792458 thread starter macrumors 6502a


    Dec 13, 2008
    aside from the philosophical arguments over the usefulness of end-to-end encryption, does anyone know if Apple implemented it in regards to iMessages sync'ed via iCloud?
  12. Feenician macrumors 603


    Jun 13, 2016
    iirc Craig talked about the challenges they faced doing that at the post wwdc Graber talk.
  13. genevan macrumors newbie


    Aug 16, 2011
    According to it is, with the following caveat about iCloud backups:

    “End-to-end encryption provides the highest level of data security. Your data is protected with a key derived from information unique to your device, combined with your device passcode, which only you know. No one else can access or read this data.​


    “To use end-to-end encryption, you must have two-factor authentication turned on for your Apple ID. To access your data on a new device, you might have to enter the passcode for an existing or former device.​

    “Messages in iCloud also uses end-to-end encryption. If you have iCloud Backup turned on, your backup includes a copy of the key protecting your Messages. This ensures you can recover your Messages if you lose access to iCloud Keychain and your trusted devices. When you turn off iCloud Backup, a new key is generated on your device to protect future messages and isn't stored by Apple.”​
  14. cynics macrumors G4

    Jan 8, 2012
    That isn't true, at least not with (assuming your system isn't compromised and the certificate is legit). Your browser (or OS via API's) is decrypting the data making your browser the only viewable window to the data. uses TLS 1.2 plus Apple requires two factor authentication (if active) for key generation. Without brute force they shouldn't have access to your data.
  15. Tech198 macrumors G5

    Mar 21, 2011
    Australia, Perth
    We trust others too much in this digital world

Share This Page

14 June 23, 2017