Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

iMessage on iCloud end-to-end encryption?

hehe299792458

hehe299792458

macrumors 6502a
Original poster
Dec 13, 2008
783
3
Has there been any updates on if iMessages on iCloud will be protected by end-to-end encryption (i.e. where Apple doesnt have the keys and wont be able to read even the cloud stored messages)? I found this quote, but it's not very specific:

“Our security and encryption team has been doing work over a number of years now to be able to synchronize information across your, what we call your circle of devices—all those devices that are associated with the common account—in a way that they each generate and share keys with each other that Apple does not have.”

“And so, even if they store information in the cloud, it’s encrypted with keys that Apple doesn’t have. And so [users] can put things in the cloud, they can pull stuff down from the cloud, so the cloud still serves as a conduit—and even ultimately kind of a backup for them—but only they can read it.”
Click to expand...

https://pxlnv.com/linklog/improving-imessage-encryption/
 
I think this feature just kicked on over night. My iPhone now has a ton of old conversations that it must have gotten from other devices... they were not here when I went to bed.
 
ajiuo said:
I think this feature just kicked on over night. My iPhone now has a ton of old conversations that it must have gotten from other devices... they were not here when I went to bed.
Click to expand...
Same here. It shows a sync was completed at 1AM local time. Side note, I have all of my devices set for 30 day removal but still see messages from a year ago. Wonder which device will control the time messages hang around.
 
I wonder if there was an iMessage issue last night. I'm still running iOS10 but I had issues syncing messages between my devices. My iPad was fine but my phone was not getting iMessages last night and this morning. It seems to better now -- I did get a flood of missed conversations about an hour ago on my phone.
 
hehe299792458 said:
Has there been any updates on if iMessages on iCloud will be protected by end-to-end encryption (i.e. where Apple doesnt have the keys and wont be able to read even the cloud stored messages)? I found this quote, but it's not very specific:
Click to expand...

Yeah, that's a fair question to ask. The post is written by someone who hasn't paid attention to WWDC. So it's not a great resource. The iMessages sync feature should have the messages encrypted in transit to Apple and at rest while at Apple.

However, the iCloud backups are a different thing entirely, and I haven't seen anything new on that front. Since Apple hasn't mentioned it, I'd assume that iCloud backups are as they were in iOS 10.
 
The simple answer is yes.

iCloud data is encrypted for a start.

iMessage has end to end encryption.

Why would you think it was any different.

The failing factor 99.9% of the time is the human one.
 
Gav2k said:
iCloud data is encrypted for a start.
Click to expand...

Except it's not encrypted in such a way to prevent access by third parties. Apple holds copies of the keys for the data at rest on their servers.

They've been getting better, but iCloud Drive, iCloud Photos, and iCloud Backups are definitely not on the same level as iMessages or Keychain is.
 
Krevnik said:
Except it's not encrypted in such a way to prevent access by third parties. Apple holds copies of the keys for the data at rest on their servers.

They've been getting better, but iCloud Drive, iCloud Photos, and iCloud Backups are definitely not on the same level as iMessages or Keychain is.
Click to expand...
So what if they hold keys. At the end of the day unless your part of some criminal organisation or under investigation for something nasty Apple will protect that data!
 
Gav2k said:
So what if they hold keys. At the end of the day unless your part of some criminal organisation or under investigation for something nasty Apple will protect that data!
Click to expand...

It's not just about governments though (let alone yours). If I hold keys to millions of users, that makes me a tempting target. And just one failure to prevent a breach is enough to allow an awful lot of damage. Limiting that damage is a good thing. Nor are all governments of the world my friend. Even assuming the one that has direct power over me is, that's no guarantee any foreign government is.

But if I'm being honest, the US and UK are surveillance happy enough these days that the surveillance is not nearly as discriminate as it was at the turn of the century. If it was, I wouldn't care too much. But since it is becoming more indiscriminate, I'd much rather make them work for it, thanks.
 
  • Like
Reactions: dysamoria
aside from the philosophical arguments over the usefulness of end-to-end encryption, does anyone know if Apple implemented it in regards to iMessages sync'ed via iCloud?
 
hehe299792458 said:
aside from the philosophical arguments over the usefulness of end-to-end encryption, does anyone know if Apple implemented it in regards to iMessages sync'ed via iCloud?
Click to expand...

iirc Craig talked about the challenges they faced doing that at the post wwdc Graber talk.
 
hehe299792458 said:
aside from the philosophical arguments over the usefulness of end-to-end encryption, does anyone know if Apple implemented it in regards to iMessages sync'ed via iCloud?
Click to expand...

According to https://support.apple.com/en-us/HT202303 it is, with the following caveat about iCloud backups:

“End-to-end encryption provides the highest level of data security. Your data is protected with a key derived from information unique to your device, combined with your device passcode, which only you know. No one else can access or read this data.​

....​

“To use end-to-end encryption, you must have two-factor authentication turned on for your Apple ID. To access your data on a new device, you might have to enter the passcode for an existing or former device.​

“Messages in iCloud also uses end-to-end encryption. If you have iCloud Backup turned on, your backup includes a copy of the key protecting your Messages. This ensures you can recover your Messages if you lose access to iCloud Keychain and your trusted devices. When you turn off iCloud Backup, a new key is generated on your device to protect future messages and isn't stored by Apple.”​
 
AVonGauss said:
Yes and no, look at it this way... If you can access your data from a vendor's website (i.e. Apple), then they either have the intentional in-built ability or a relatively easy path to access your data with or without your consent.
Click to expand...

That isn't true, at least not with iCloud.com (assuming your system isn't compromised and the certificate is legit). Your browser (or OS via API's) is decrypting the data making your browser the only viewable window to the data. iCloud.com uses TLS 1.2 plus Apple requires two factor authentication (if active) for key generation. Without brute force they shouldn't have access to your data.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back