Can Apple read your iMessages? (2013)
4 months ago
- #Encryption
- #iMessage
- #Privacy
- Apple's iMessage encryption lacks transparency, raising concerns about privacy and security.
- iMessage backups to iCloud can be recovered after a password reset, suggesting Apple can access messages if compelled.
- iMessage's encryption relies on Apple's directory service for key distribution, creating a potential point for man-in-the-middle attacks.
- Apple does not use certificate pinning for iMessage's HTTPS communications, leaving it vulnerable to forged certificate attacks.
- Metadata about iMessage communications may be retained by Apple, despite the encryption of message contents.
- The security of iMessage involves trade-offs between usability and security, with details of these trade-offs not disclosed by Apple.