If you were thinking that your iMessage conversations are safe and Apple respects your privacy, well, you were very wrong. According to a recently leaked document which arrived from inside sources, i.e. the Florida Department of Law Enforcement’s Electronic Surveillance Support Team, Apple not only logs your iMessage contacts and chats, but also shares them with the police. And believe me, if they share that intel with the police, they also share it with intelligence services, that’s a given.
The document was obtained by The Intercept, and it details how every time you type a phone number into your iPhone for a message via iChats, Apple’s servers record each query together with a ton of metadata on top (remember Snowden?), including the date and time when you are chatting, your IP address, which discloses your location, and who knows what else.
And even more than that, Apple will share all the information recorded about your iMessage with the police/law enforcement agencies. Okay, the police will have to present a court order, such as one for “trap and trace devices” or “pen registers”, which are fairly easy to obtain. The problem is that Apple logs data that isn’t supposed to be logged, like users’ IP addresses, together with all your personal/private data from your iPhone stored automatically in the iCloud, including copies of your sent messages, photos and the whole nine yards. Okay, the data is supposedly encrypted, but it uses a key controlled by Apple (read NSA), not by you.
Basically, if Apple wants, all your iMessages, even if encrypted, “are belong to us”, i.e. they can be read anytime, anywhere. Also, Apple deliberately weakened encryption algorithms in their latest iOS 10, making a brute force attack 2500 times faster than in the previous iOS 9. Asked about the leaked intel, Apple provided the following statement:
“When law enforcement presents us with a valid subpoena or court order, we provide the requested information if it is in our possession. Because iMessage is encrypted end-to-end, we do not have access to the contents of those communications. In some cases, we are able to provide data from server logs that are generated from customers accessing certain apps on their devices. We work closely with law enforcement to help them understand what we can provide and make clear these query logs don’t contain the contents of conversations or prove that any communication actually took place.”
You’ve been warned, folks.