Here’s How You Can Stop Apple from Reading Your iMessages
2 Jul 2021
They say, “You can't be half pregnant,” but we say “You can’t claim to have end-to-end encryption but still be able to access and decrypt iMessages.”
This article is about Apple and its indecisive positioning on communication privacy and its intentional security compromise that allows the tech giant to gain backdoor access to sensitive user data. We want to find out if it's possible to use iMessages without giving up confidentiality.
Generally, this topic becomes a huge argument point between two schools of thought. One believes that compromised encryption is ok if it's in the name of the law. The second, more cynical-minded group, claims that any backdoor or spare key is a security weakness that can be taken advantage of, as in there’s no way to create a backdoor only for the law enforcement.
From our standpoint, security can’t stand bargaining, and that’s exactly what Apple is doing.
Strong Stances On User Privacy Are Not That Rare
It wouldn’t be right to point fingers at Apple without giving out plaudits to others.
For example, Signal never shied away from saying that it cannot provide user content, even if pressured by multiple government agencies. Even WhatsApp can’t break its encryption, although it is known that its cloud backups can be accessed.
The main issue with such a backdoor is that there’s no way to ensure that it won’t be misused.
There’s no way to get enough transparency out of such an approach, and little chance to police those who can use it misappropriately. Also, when backdoors are implemented, criminals simply would switch to other services without backdoors, and you’re only taking the privacy of law-abiding users.
Additionally, law enforcement relies more on physical access to devices when retrieving evidence. If they can crack the passcode, they can read messages right off the device without much hassle.
That’s exactly why we need to understand how we can protect iMessages from being accessed by Apple, and it is not as hard as it sounds. The whole process takes a few minutes but can massively improve your mobile information security.
You have probably already guessed what it’s all about.
It’s All About The Cloud Backups
Of course, the problem is in cloud backups.
Such backups are situated outside of platform’s end-to-end encryption, and the only viable solution right now is to disable them. This is necessary because Apple can decrypt everything except for iCloud Keychain and a few end-to-end encrypted services, more specifically:
- Safari History & Bookmarks
- Calendars
- Contacts
- Find My
- iCloud Drive
- Messages in iCloud
- Notes
- Photos
- Reminders
- Siri Shortcuts
- Voice Memos
- Wallet Passes
So in case you enable iCloud Backup on your Apple device, then Apple will store a copy of your iMessage end-to-end encryption key within your backup. This is similar to locking your door and leaving the key stashed under the carpet.
If you disable the iCloud backup, then Apple will make a new end-to-end encryption key for iMessage, without a copy. Here’s how you can do it:
The general backup was useful to transfer data to a new iPhone, but today a direct transfer does the job, and restoring from the iCloud backup is no longer needed. The only downside of this can be felt only if you lose your phone altogether.
Essentially, another convenience-security trade off.
Always Use Messengers Without Security Compromises
Understanding the premise of end-to-end encryption is critical here.
It is ludicrous to protect the idea of backdoors while wanting your private information to be secure. This approach decreases confidence in government work, which should be the protection of people’s rights.
If disabling iCloud backup is not a very good option for you, then you may consider switching the messenger altogether, because end-to-end encryption either exists, or it doesn’t – no middle ground here.
When looking for an alternative, consider giving StealthTalk a chance. It doesn't store the keys, and doesn't have any copies. StealthTalk relies on a key derivation function to generate keys based on stored materials.You can use StealthTalk for free, or opt in to a premium service to make encrypted calls.