Yes, it does. The messages are 'end to end' encrypted in the iMessage service, but then iMessage backs up its encryption key in the iCloud backup service, defeating the point.

"If you have iCloud Backup turned on, your backup includes a copy of the key protecting your Messages. This ensures you can recover your Messages if you lose access to iCloud Keychain and your trusted devices."

https://support.apple.com/en-us/HT202303

That is true of any end-to-end solution. If you back up your private keys, anyone who has access to your backup would be able to access the encrypted messages. Remember, you can turn off iCloud backup if you're worried about Apple accessing your keys.

Ultimately, it's false to equate iMessage's encryption scheme, which is end-to-end, to an encryption scheme that requires a server to relay decrypted data.

> That is true of any end-to-end solution.

Utterly false. Real end-to-end encryption would encrypt the backup with a key that is not available to the backup service (e.g. derived from a passphrase not sent to the server).

Of course this system has better usability, which is why Apple does it. But it's still a farce to call a system where Apple has the ability to decrypt the majority of messages "end-to-end" encrypted. The fact that it's through the backup servers instead of the iMessage servers makes no difference.

What's more, it's possible to do better without sacrificing usability. For several years Android has been end-to-end encrypting backups using the user's lock screen passcode, with protection against brute force attacks provided by hardware secure elements. https://security.googleblog.com/2018/10/google-and-android-h...

> The fact that it's through the backup servers instead of the iMessage servers makes no difference.

It makes a big difference. If I print out the texts I receive, it doesn't change whether the texting program is end-to-end encrypted. The same goes for backups. An unencrypted system-level backup doesn't mean that the program being backed up is failing at security.

It's bad that Apple doesn't let you encrypt your backups properly, but it's a separate issue.

What if the texting program has a built in feature to print the texts you receive and mail a copy to the company that wrote the program, and it nags you to enable this feature all the time, and most of your friends have it enabled? Because that's a lot closer to the scenario here.

> An unencrypted system-level backup doesn't mean that the program being backed up is failing at security.

iOS programs can choose how their data is backed up. iMessage isn't just getting its data stolen by iCloud accidentally. These backups are a feature of iMessage as much as iCloud. And besides, iCloud is made by the same company, it's not a separate entity.

iMessage itself bugs you to enable backups?

> iOS programs choose how their data is backed up.

Well desktop apps don't. Would you say that no desktop app that saves its key can ever qualify as end-to-end encrypted?

> And besides, iCloud is made by the same company, it's not a separate entity.

I'm not convinced that's relevant to whether the encryption is end-to-end or not.

> Would you say that no desktop app that saves its key can ever qualify as end-to-end encrypted?

I would say that no app can qualify as end-to-end encrypted if a large fraction of users send their data to the maker of the app in a form that can be decrypted by the maker of the app, regardless of the reason.

If iMessage was made by a third party and worked exactly the same then you'd have no objection to calling it end-to-end encrypted?

No. This is a necessary condition for being end-to-end encrypted, not a sufficient one. But iMessage doesn't meet it.

Okay, so if I can't guess your point of view, then it would really help if you would answer the question I asked about desktop apps.

Turning off iCloud backup is not a genuine choice, because it means you lose everything if you lose or break your phone (there is no other way to back up your phone except iCloud backup, Apple does not allow third-party phone backup services).

You can do local encrypted backups to a Mac, either via to iTunes (<10.15) or Finder (10.15).

This would be less upsetting to me if my Macbook didn't bug me about iCloud every time I start up several years after I bought it.

There’s a good HN thread from earlier this year about that, but basically, you can disable iCloud Backup and enable Messages in the Cloud, so that all of the messages are still backed up and synced between your devices but the keys are not, so that Apple can not read them. Then you can back up to your Mac/PC instead.

But unless everyone you correspond with does this too, Apple can still read your messages to them.

Sure, the security of your communications to someone depends on how well they protect them, not just you. That’s always true.

But most end-to-end encrypted apps aren't configured by most of their users to send their messages and encryption keys directly to the author of the app. iMessage is.

> defeating the point

Have you considered that some people trust Apple but don't trust Zoom? At some point you have to trust somebody, right?

Feel free to trust who you want but I don't think Apple should be able to get away with calling iMessage end-to-end encrypted when they have most iMessages stored on their servers and the keys to decrypt them.

> At some point you have to trust somebody, right?

It's possible to use an actual end to end encrypted app that doesn't have the keys to read your messages stored on their servers.

I think this article is a bit over my head, but if Apple never has possession of users' private keys, how are they able to recover iMessage conversations when a phone is lost/stolen (which I know they can do)?

They can only do that if you have backed up your phone. If you haven't they cannot recover your messages.