Apple’s iMessage service uses secure end-to-end encryption. This ensures only you and the person you’re talking to can see your messages. But there’s a big privacy hole in iMessage, and it’s named iCloud. Here’s what you need to know.
iMessage Uses End-to-End Encryption to Send and Receive Messages
Apple’s iMessage for iPhone, iPad, and Mac always uses end-to-end encryption. Only the sender and receiver of the messages can see their contents.
Photos, videos, and other file attachments are also encrypted. What’s more, Apple’s FaceTime service also uses end-to-end encryption for voice and video calls, too.
This means that Apple and its employees cannot see the contents of the iMessages you’re sending and receiving—even if they wanted to.
So far, so good. But there’s a big “gotcha” here.
iCloud Backups Are Enabled by Default and Aren’t E2E Encrypted
If you have iCloud Backups enabled on your iPhone or iPad—and most people do—then there’s a big hole in the normally secure, end-to-end encryption.
With either iCloud Backup or Messages in iCloud enabled, your iCloud messages are encrypted, then backed up to iCloud and stored on Apple’s servers. However, Apple receives a copy of the key that is used to encrypt that backup.
In other words: Apple and its employees could technically access the contents of your iMessage backups on Apple’s servers. The backups aren’t end-to-end encrypted. If Apple’s servers were compromised or someone else gained access to your iCloud account, they could see the contents of your messages. This also means that Apple could turn over the contents of your iMessage history if compelled to by a government.
Of course, even iMessage is much better than traditional text messages. SMS messages aren’t even private or secure when you’re sending and receiving them! Your cellular carrier can see their contents.
Why Aren’t iCloud Backups End-to-End Encrypted?
There are several reasons why Apple doesn’t use end-to-end encryption for backups.
First, this provides more protection for average people who lose their passwords. If you lose your Apple ID password and go through Apple’s password recovery process, you can regain access to all your data, including your iMessage backups. With end-to-end encryption, Apple could give you access to your account—but if you lost your password, you would never be able to access those backups again.
In this way, end-to-end encrypted backups are less user-friendly. Imagine explaining to a bunch of Apple customers that, actually, they can never access their data again because they forgot their passwords. To implement an account recovery process that doesn’t lose data, Apple must have the key that unlocks those backups.
It’s fair to ask, however, why Apple doesn’t at least offer end-to-end encryption as an option for backups. Perhaps there could be an advanced option that encrypts them behind a big warning message.
According to a report in Reuters from January 2020, Apple was planning to offer end-to-end encryption for iCloud backups. However, the company dropped plans to let its users fully encrypt backups after the FBI complained that this would make it more difficult for law enforcement to get iPhone users’ data.
How to Ensure That Apple Can’t See Your iMessages
If you’re concerned about this, and you don’t want your iMessages sitting on Apple’s servers without the end-to-end encryption they normally have in transit, you can stop this from occurring by disabling the iCloud for your Messages app.
Warning: This is a tradeoff. In the future, you won’t be able to restore your Messages from iCloud if you disable iCloud backup for iMessage.
On an iPhone or iPad, go to Settings > [Your Name] > iCloud. Disable the “Messages” option here to stop storing your iMessage history in iCloud.
You can also do this on a Mac. On a Mac, open the Messages app. Click Messages > Preferences, click “iMessage,” and uncheck the “Enable Messages in iCloud” checkbox.
Of course, people you talk to on iMessage likely have iCloud Backups enabled for iMessage on their own account, even if you don’t. This means that your messages may be stored on Apple’s servers—in the other person’s iCloud backup, of course. To prevent this from happening, consider switching to a secure messaging app that doesn’t back up to iCloud—like Signal.
Doesn’t Your iPhone Back up Signal Data to iCloud, Too?
Of course, iMessages aren’t the only thing that your iPhone backs up to iCloud. It backs up the local data many other apps are storing, too—if you have iCloud Backup enabled.
Some other secure, end-to-end encrypted messaging apps get around this concern by just not backing up your messages to iCloud.
For example, the secure messaging app Signal does not back up your message history to iCloud, as Signal’s support site explains. It is always stored locally on your device. You can transfer messages from one iPhone to a new iPhone, but it’s a process that moves messages to a new iPhone and deletes them from your old one.
If you’ve wiped or lost, or just don’t have your old iPhone, you can’t move your messages to a new device. That’s the idea—Signal is designed with privacy and security in mind. It may be less convenient to keep your message history forever, but that protects your privacy.
How to Make Encrypted iPhone Backups
By the way, you can make encrypted backups of your iPhone. You just can’t do it with iCloud. If you have a Windows PC or Mac, you can connect your iPhone (or iPad) to your computer with a USB cable and back up to a local file via iTunes (on Windows) or Finder (on Mac).
Check the “Encrypt Local Backups” option to secure your local backup with a password.
If you lose your iPhone or have to erase it, you can restore this encrypted backup on a new iPhone. This will move your iMessage history to your new device without it being stored on Apple’s servers.