[ad_1]
If you have an iPhone and your friends mostly have iPhones, you’re probably using Apple’s Messages app to communicate with them. It is the nature of things. And aside from the convenience and ubiquity of the platform, one of the selling points of the iMessage platform is that its end-to-end encryption should theoretically ensure that only you and those you text to can read your conversations. However, that might not be the case: Apple can probably access messages for a very large number of iMessage users, even with end-to-end encryption in place.
By default, iMessage is protected from Apple’s eyes
As designed by Apple, iMessage’s encryption works in such a way that messages sent from your Apple device to another Apple device are visible only to the affected parties. The iMessage files themselves are scrambled in transit, so if someone were to theoretically access them without opening them on your trusted device, they would see a data jumble instead of the message content. Your Apple device acts as the “key” to decrypt this data; without this key, the data remains locked in an encrypted state.
In its basic form, this end-to-end encryption works as expected. Only your connected devices and Apple devices that receive your messages have the keys to unlock and read said messages. Apple cannot read your messages without accessing your unlocked device, and neither can law enforcement or any other third party. Note that only iMessages are encrypted; Text messages (which appear as green bubbles in Messages instead of the standard blue) are not crypt.
How you save your messages matters
So yes, your texts are encrypted as sent and received. But few of us delete every text as it arrives; we keep them in case we want to see them again later, which means we have to save them somehow. And as it turns out, How? ‘Or’ What backing up your messages can be the difference between having a truly secure iMessage history and giving Apple the key to unlock all of your conversations.
First, let’s talk about messages in iCloud. This service backs up your messages to your iCloud account and syncs them across all your connected Apple devices. It is a convenient way to start a conversation on your iPhone and continue it on your Mac or iPad, and also serves as a reliable backup method.
Then there’s iCloud Backup, Apple’s service for backing up your iPhone’s content. An iCloud backup can store many different things, from app data to device settings, home screen settings, photos and videos, and, yes, messages. The two features are not mutually exclusive; you can enable messages in iCloud with iCloud backup. However, when you do, Apple stores your message history separately from your device’s iCloud backup.
iCloud Backup is not a secure method to save your messages
Here is the tricky thing; Messages in iCloud are end-to-end encrypted, as you might expect, which is why there is no way to access your messages on the web, for example by logging into icloud.com. There is one big problem, however: your iCloud backup is not end-to-end encrypted and Apple stores the key to unlock your encrypted messages in this backup.
Apple does this to provide a backup to your backup – if you forget your Apple ID password or your device unlock password, Apple doesn’t want you to lose your data forever, and that’s it. that would happen if iCloud backups, and the data inside, were end-to-end encrypted. Apple’s iCloud Data Recovery Service is capable of recovering all data backed up in iCloud that is not encrypted, which is most of your data. Many people are probably relieved when Apple “records” their messages in this situation. Those of us who are privacy conscious, however, are more likely to be unsettled.
It’s not just your messages; in addition to the keychain, screen time and health data, Apple has the key to decrypt all of your iCloud data. Now, there is no evidence that Apple is or has ever decrypted users’ messages and data using the keys they have stored in iCloud, but that’s not the issue. The main thing is the company could do it if he wanted to, or, more likely, if he was forced sharing of this key and the associated data with the police. If ever there was a major iCloud data breach, hackers could access your data this way as well. This isn’t a really secure solution to the backup problem, but it’s easy to confuse people into believing it does (before researching this article I certainly thought it was).
How to stop Apple from reading your messages
Fortunately, there is a relatively simple solution to this problem: don’t use iCloud backup to store old texts. Apple’s backup service is where it stores the key to unlock your messages, as well as the rest of your unencrypted data, so if you don’t have any locked data, it can’t be accessed. It does not mean that you can not save your messages. Remember, messages in iCloud is End-to-end encrypted, which means that even if you keep these messages in the cloud, Apple doesn’t have the key to decrypting them.
You can turn off iCloud backup in Settings> Apple ID> iCloud> iCloud Backup. Make sure the toggle next to ICloud backup is gray. When you turn off iCloud backup, your last backup will stay in the cloud for 180 days. This means that you have to wait six months until you are assured that Apple no longer has the key to your messages on its servers. The good news, however, is that once iCloud backup is turned off, a new key is generated for future messages; from now on, your new messages are protected.
If you want to use the Secure Messages feature in iCloud to back up and sync your conversations, you can check its status from the iCloud settings page; the seesaw next to messages should be green. If you want an alternative backup solution, try backing up your iPhone to your computer through Finder (macOS Catalina or later) or iTunes (Windows or macOS Mojave or earlier). Apple has an easy to follow walkthrough if you’ve never done it before. You can even encrypt these backups, ensuring that everything on your iPhone is protected by anyone who might have access to your laptop.
You are never fully protected with iMessage
You can follow the steps above to ensure that messages on your end are end-to-end encrypted, but you cannot control the actions of everyone you text. There is no way to know for sure if someone else has iCloud backups turned on; if they do, it would give Apple the key to any messages you sent to that person. Of course, even if you know that the messages themselves never leave the devices of the people involved in the conversation (as with an app like Signal), there’s nothing stopping other people from taking pictures of your conversations or hand over their device to another party.
All you can do is do the best you can with the data you can control, and encourage those around you to adopt good cybersecurity and privacy practices.
[ad_2]
Source link