Apple’s approach to user security is admirable – though its dedication to end-to-end encryption could see its smartphones banned in California – but despite its iMessage service – an instant messaging app used for communications between Apple devices – seeming impenetrability, there is one loophole that could leave user messages available for Apple to access, The Hacker News reports.
Apple users that utilise iCloud Backup could find that their iMessage chats, which are usually protected from interception via end-to-end encryption, are uploaded to Apple’s servers in plain text form. So, while the act of sending a message remains perfectly safe, backing up these messages leaves them potentially open to exposure.
“If the government laid a subpoena to get iMessages, we can’t provide it,” Apple CEO Tim Cook told Charlie Rose in a 2014 interview. “It is encrypted, and we do not have a key.”
Apple does, however, possess encryption keys for user’s iCloud accounts. Should an iCloud account be subpoenaed, Apple would be forced to hand over that information.
The vulnerabilities of iCloud accounts led to such unfortunate incidents as “The Fappening”, when hackers gained access to a number of celebrity iCloud accounts that had failed to implement two-step security verification, and posted the private nude photos that were found there.