iMessage is one of the well-known instant messaging platforms. The reason for its popularity is quite obvious: it is integrated into iOS and is present on an iPhone by default. It does not need any complicated settings, and this is why most iPhone users use the iMessage app. iMessage functions everywhere across the world, even in places where other messengers stop.
Is iMessage Secure and Safe?
But the question is: how secure is iMessage? Is it 100% safe where your privacy is concerned? Is it completely safe from hackers? Is it completely OK to send all your private snapshots, or even your location, through iMessage?
Although there is no direct and simple answer, Apple recently explained that it uses end-to-end encryption to protect iMessage as well as FaceTime conversations on all devices. With watchOS and iOS, the messages are encrypted on the device and cannot be accessed without the user’s passcode. iMessage and FaceTime have been designed in such a way that there is no way to decrypt the data while it is in transit between devices. All the messages are automatically deleted from the device after 30 days.
Apple’s Security Document – iMessage
In the security document, Apple updated its description of the whole process by which iMessage functions and how secure it is. It describes in detail how:
- An iOS-based device makes a set of private and public keys when the conversation starts; every message is encrypted and then stored on the Apple server, and the encrypted message is deleted when the device retrieves it.
- The public keys are not sent to Apple servers.
- The private keys are stored on the device and Apple has no access to them.
- The moment somebody initiates a conversation through iMessage, they get access to your public keys from the server, and before the message leaves the sender's device it is encrypted into something that only your device can decrypt.
Some of the data, like the timestamp and the APNs routing data, is not encrypted.
All of the independently encrypted and non-encrypted data is then encrypted as a single package on the way between the device and the Apple server. This is why it is tough for attackers to get access to this data.
So the question of how secure iMessage is has no single answer. All we know is that the messages and all attachments are well protected, with an added level of encryption compared to other content. Decryption requires the keychain, and this is quite problematic.
If you are wondering whether or not Apple can read your messages, then no: they do not have access to your iCloud keychain and messages. This is the sole reason why they are including them in the bundle of data that is available through “Get a copy of your data” under Apple ID Data and Privacy. As for law enforcement, a request can be sent to Apple, or the software can be used, but with the user’s credentials as well as a passcode.
If you are thinking of any alternatives, then yes: one is with the Apple ID and password, and the second option is the authentication factor with a password. With this, one can easily connect a new device to the account and enable iCloud Keychain. Then you have to wait until the device is synced entirely, then set up an iTunes backup password, make a local backup, and open the backup using forensic software for analysis.
As per the information available, we can say there are no vulnerabilities in the iMessage protocol that would facilitate decryption of intercepted messages, and sniffing the traffic between the iPhone and Apple's servers is not at all easy. The only way to access messages is to get them from the device by making a local backup with the help of iTunes. In simple terms, you must have the device and you must know the passcode so that you can establish a pairing with the computer. If the backup is protected by a password, you will have to face one or more issues. The problem is not serious if your iPhone is running iOS 11 or 12, where you can easily reset your password.
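
Since the local iTunes backup is where messages can be read from, and the backup password is the obstacle, it is worth checking which backups on a computer were made without one. The following is an added example, not code from the original article or from Apple. It assumes each backup folder holds a Manifest.plist with an IsEncrypted flag and a Lockdown dictionary (DeviceName, ProductVersion); the function names and the sample manifests are constructed for illustration.

```python
import plistlib
import tempfile
from pathlib import Path
from xml.parsers.expat import ExpatError


def read_manifest(folder):
    """Parse <folder>/Manifest.plist; return a dict, or None if missing or corrupt."""
    try:
        with (Path(folder) / "Manifest.plist").open("rb") as fh:
            data = plistlib.load(fh)
    except (OSError, ValueError, ExpatError):
        return None
    return data if isinstance(data, dict) else None


def audit_backups(root):
    """Return one finding per backup folder under root, riskiest first."""
    findings = []
    for folder in sorted(p for p in Path(root).iterdir() if p.is_dir()):
        manifest = read_manifest(folder)
        if manifest is None:
            state, lockdown = "unknown", {}
        else:
            # Treat anything other than an explicit True as unencrypted.
            state = "encrypted" if manifest.get("IsEncrypted") is True else "unencrypted"
            lockdown = manifest["Lockdown"] if isinstance(manifest.get("Lockdown"), dict) else {}
        findings.append({"backup": folder.name, "state": state,
                         "device": lockdown.get("DeviceName"), "ios": lockdown.get("ProductVersion")})
    order = {"unencrypted": 0, "unknown": 1, "encrypted": 2}
    return sorted(findings, key=lambda f: order[f["state"]])


def make_sample_backups(root):
    """Write constructed manifests (not real backups) for the demo below."""
    samples = {"backup-a": (True, "Test iPhone A", "12.1"), "backup-b": (False, "Test iPhone B", "11.4")}
    for name, (enc, device, ios) in samples.items():
        (Path(root) / name).mkdir()
        manifest = {"IsEncrypted": enc, "Lockdown": {"DeviceName": device, "ProductVersion": ios}}
        (Path(root) / name / "Manifest.plist").write_bytes(plistlib.dumps(manifest))
    (Path(root) / "backup-c").mkdir()
    (Path(root) / "backup-c" / "Manifest.plist").write_bytes(b"truncated")  # corrupt on purpose


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        make_sample_backups(tmp)
        for f in audit_backups(tmp):
            print(f"{f['state']:<12} {f['backup']}  {f['device']}  iOS {f['ios']}")
```

On a real machine, pass the folder where iTunes keeps its backups to `audit_backups` instead of the temporary directory.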