So How Secure is Messages in iCloud Anyway?

1 minute read
| News

Aside from questions like how the new Messages in iCloud feature works, a lot of people are wonder how secure it is. Apple just updated its iCloud security overview page to give us an idea.

[iCloud Messages FAQ: Here’s What You Need to Know]

Messages in iCloud

As it turns out, Messages in iCloud is pretty secure. It uses end-to-end encryption just like certain other services like iCloud Keychain, Siri data, payment information, etc. From the page:

Messages in iCloud also uses end-to-end encryption. If you have iCloud Backup turned on, a copy of the key protecting your Messages is included in your backup. This ensures you can recover your Messages if you’ve lost access to iCloud Keychain and your trusted devices. When you turn off iCloud Backup, a new key is generated on your device to protect future messages and it is not stored by Apple.

What this means is that all of your messages are encrypted by a key generated using your device’s passcode. This makes it inaccessible to Apple and other third parties. But there’s a caveat.

Image of padlock with Apple logo. Messages in iCloud is end-to-end encrypted.

If you enable iCloud Backup, that encryption key is included. It sounds like a copy of might also be stored in iCloud Keychain. That means if Apple is served a warrant by law enforcement, your iCloud Backup, along with all of its data, can be accessed. But this has always been true of iCloud Backup; the inclusion of Messages in iCloud hasn’t changed this fact.

Essentially, if you’ve trusted Apple with your personal data so far, you can continue to do so. If you’re a person who’s worried about law enforcement/government access, chances are you’re using a different messaging app like Signal.

[iOS: How to Send Links in iMessage Without the Rich Preview]

Leave a Reply

Please Login to comment
3 Comment threads
2 Thread replies
Most reacted comment
Hottest comment thread
3 Comment authors
Lee DronickAndrew OrrJohn Kheit Recent comment authors

This site uses Akismet to reduce spam. Learn how your comment data is processed.

newest oldest most voted
Notify of
John Kheit
John Kheit

Also… a good friend makes an interesting inquiry. How come if you get a new device and you sign in, you get some older iMessages that come in and you can read? If you’re not using iCloud messages, and not using iCloud backup, the key to decrypt your messages should be just on your old device, ergo, when you log in with a new device, how are you able to read/see anything if the decryption key is only on the old device.

Something about it doesnt seem to add up.

John Kheit
John Kheit

One question. Why isnt the keychain end-to-end encrypted so its key is from your device so apple couldn’t access it. It seems weird that, which is way more sensitive, wouldn’t be afforded the same level of protection…

John Kheit
John Kheit

Really great article Andrew, thanks for the really tight description!