If one expects to be safe and secured on the widely used iMessage with your friends is indeed secure from other people.
You would be extremely disappointed in this article! iMessage is not safe or secure.
But it would be like the government stated on a concrete block, “If you have nothing to hide, you have nothing to fear.”
When discussing about the topic of end-to-end security encryption, the security of your iMessages are not secure enough to make you hidden from tracing.
This would be due to the fact that Apple is storing a lot of information pertaining to your iMessages, which can also lead onto the revealing of your contacts.
In essence, iMessages can also reveal your exact location as well as share that information with the local law enforcement. If that doesn’t scare you, the court can order this to happen with or without your consent and knowledge.
According to Apple, your iMessages as well as FaceTime conversations are your business and not the business of anyone else. However, looking into the reports and “Apple’s Commitment to Customer Privacy” does clearly state that
“Regardless of the circumstances, our Legal team conducts an evaluation of each request and, only if appropriate, we retrieve and delver the narrowest possible set of information to the authorities.”
Apple does also state inside their privacy statement, that they have been known from time-to-time to refuse the requests for information from law authorities.
The Intercept has received a new document in which states that Apple does in fact records an entire log of different phone numbers that you have typed into the companies iPhones for message conversations.
This information is also kept along with the exact date and even the time in which you have entered those phone numbers. Even more so, they record your IP Address, in which they will be able to utilize later for identifying your location if such a need arises.
But in reality of the matter is, every single time a user types any phone number into their iPhone for direct messaging, iMessage will then send a request to Apple servers in order to learn if it should provide a route any given message over the iMessage system.
As reported by the Intercept, “Apple records each query in which your phone calls home to see who’s in the iMessage system and who’s not,”
Even more frightening, Apple is indeed compelled into turning over information to the law enforcement officials that upholds a valid court order. In general, this is usually with “Pen Registers” or even “Tap and Trace Devices” in which those warrants are rather easily obtained.
It may come off as a surprise to most that Apple, in which has self-positioned themselves as a “Staunch Defender” of their user privacy statements by “refusing” the federal officials in order to provide encryption backdoors into their own products, when they will then just hand over their user’s private information on the iMessage application.
Contrary to the believes set forth by Apple back in 2013, The Intercept also points out that the company is keeping an active log of their customers IP Address in which that can be utilized in order to reveal any respective customer’s location.
Apple stated back in 2013 “do not store data related to customers’ location.” Well that turned out to become a lie.
Once again, the Intercept has also obtained a document in which was titled “iMessage FAQ for Law Enforcement” that talks about the Apple’s iMessage logging as a section of an entirely larger cache that had originated from within a state police agency, “The Florida Department of Law Enforcement’s Electronic Surveillance Support Team.”
This team also facilitates the massive data that has been collected for law enforcement by utilizing controversial tools in which includes the popular “Stingray”, alongside the assistance of typical conventional techniques such as those of pen registration and the tap-and-trace devices for warrants.
While it does remain true that your iMessages are in fact end-to-end encryption, it does not state that all of the Apple consumers are also enjoying the respective company’s so-called “Privacy” benefit.
For those that also enabled the built-in iCloud Backup for your Apple devices in order to maintain a copy of your information, those iMessages, photos, and every other important aspect of data that is stored on your device are also encrypted upon the iCloud system. This encryption utilizes a special key in which is also controlled and maintained by Apple, not you.
So in essence, Apple is still in full control over reading your “end-to-end encrypted” iMessages if they so choose too.
Even if one was to be able to entrust this company, that will still not provide you with decrypted data onto the law enforcement. As we can reference to the San Bernardino case, in which that Apple was more than willing to aid the FBI with the iCloud backup files.
Anyone in which that can gain access into your personal iCloud account can see all of your personal information regardless of confidentiality.
Now, time for the good news. It is completely possible to store your personal information securely through backing up your data locally using iTunes, however this is not an obvious choice for the typical iPhone user.
Another great option you can use, is obtaining a personal external hard drive, or the purchase of an online hosting provider.
However, in order to make this matter even more horrible, a recent issue of the local password-protected iTunes backup system, does provide a type of affect the encryption strength for the backup support of iOS 10.
Which in return allows attackers to manage their brute force attacks and bypass the password for their targets user’s local backup.
Yes, Apple has in fact confirmed that the issue with iOS 10 does exists and that they are working on a fix that will be included upon the upcoming patch.
But, whenever asked about the iMessage issue, Apple responded by saying;
“When law enforcement presents us with a valid subpoena or court order, we provide the requested information of it is in our possession. Because iMessage is encrypted end-to-end, we do not have access to the contents of those communications.
In some cases, we are able to provide data from server logs that are generated from customers accessing certain apps on their devices. We work closely with law enforcement to help them understand what we can provide and make clear these query logs don’t contain the contents of conversations or prove that any communication actually took place.”
Sources | Apple (Commitment to Customer Privacy) | The Intercept | The Guardian (Apple Encrypted Backdoors) | Wired (Stingray) | Quora (Apple Reads End-to-End Encrypted iMessages) | SB County DA (San Bernardino Case) | The Hacker News |