Aside from questions like how the new Messages in iCloud feature works, a lot of people are wondering how secure it is. Apple just updated its iCloud security overview page to give us an idea.
Messages in iCloud
As it turns out, Messages in iCloud is pretty secure. It uses end-to-end encryption, just like certain other services such as iCloud Keychain, Siri data, and payment information. From the page:
Messages in iCloud also uses end-to-end encryption. If you have iCloud Backup turned on, a copy of the key protecting your Messages is included in your backup. This ensures you can recover your Messages if you’ve lost access to iCloud Keychain and your trusted devices. When you turn off iCloud Backup, a new key is generated on your device to protect future messages and it is not stored by Apple.
What this means is that all of your messages are encrypted by a key generated using your device’s passcode. This makes them inaccessible to Apple and other third parties. But there’s a caveat.
If you enable iCloud Backup, that encryption key is included. It sounds like a copy of it might also be stored in iCloud Keychain. That means if Apple is served a warrant by law enforcement, your iCloud Backup, along with all of its data, can be accessed. But this has always been true of iCloud Backup; the inclusion of Messages in iCloud hasn’t changed this fact.
Essentially, if you’ve trusted Apple with your personal data so far, you can continue to do so. If you’re a person who’s worried about law enforcement/government access, chances are you’re using a different messaging app like Signal.
Also… a good friend makes an interesting inquiry. How come if you get a new device and you sign in, you get some older iMessages that come in and you can read? If you’re not using iCloud messages, and not using iCloud backup, the key to decrypt your messages should be just on your old device, ergo, when you log in with a new device, how are you able to read/see anything if the decryption key is only on the old device?
Something about it doesn’t seem to add up.
Hopefully Apple updates the iOS Security Guide with technical details, although that won’t happen until iOS 12 gets released. I might be wrong but when it comes to storage of messages, I don’t think there’s much of a difference between Messages in iCloud and messages backed up in iCloud Backup. When it comes to receiving messages, it sounds like they might get sent to iCloud first, then pushed to your device, similar to email.
One question. Why isn’t the keychain end-to-end encrypted so its key is from your device so Apple couldn’t access it? It seems weird that, which is way more sensitive, wouldn’t be afforded the same level of protection…
Really great article Andrew, thanks for the really tight description!