iMessage Privacy Review
iMessage is billed as Apple’s “private” alternative to SMS. It’s the default text handler for iOS, so it comes bundled with every iPhone. It’s certainly more secure than sending a text over the phone network, but there are a few issues with how iMessage works from a privacy perspective that you won’t be aware of unless you’ve taken the time to read Apple’s privacy policy carefully.
I’m a digital privacy and cybersecurity expert with over half a decade’s worth of experience reviewing privacy products. My research in academia included speculative execution attacks and AI-based hacking simulations. My privacy work appears in TechRadar, CNET, and ITPro, in addition to a previous stint at ProPrivacy as their in-house technical researcher for VPNs.

What You Should Know
Should I trust their default settings?
Texts sent through iMessage are not backed up to iCloud by default. That’s a good thing, as the default iCloud implementation gives Apple access to your entire message history.
iMessage defaults to sending texts through Apple’s servers using end-to-end encryption. Although iOS can also send texts as SMS through the GSM network if it can’t reach the iMessage network, this is also turned off by default. That’s great, as SMS offers no privacy protection whatsoever.
Any audio messages you send through iMessage are set to expire after 2 minutes, which is pretty handy, but you can set these to not expire if you’d prefer.
One significant issue with iMessage’s encryption scheme is that contact key verification isn’t turned on by default, meaning that if you want to be absolutely sure there isn’t a third party snooping on your messages you’ll need to sign in with your iCloud account and ask the person you’re chatting with to do the same.
The Shared with You feature allows other apps, such as Apple Music, to automatically access some content you’ve shared through iMessage. This one’s on by default, and we’d recommend you switch it off given Apple’s more aggressive analytics collection.
What personal data do they have?
How much you trust iMessage really comes down to how much you trust Apple as a whole. In theory, Apple’s E2E encryption should keep your messages safe – the addition of contact key verification really helps here.
However, Apple’s messaging infrastructure isn’t open source, and it’s entirely possible that Apple is collecting significant amounts of metadata, since routing a message to a contact goes through Apple’s Identity Directory Service. Apple might not know what you’re sending, but it could very easily find out who you’re sending it to.
Track record
Apple has been keen to espouse the privacy positives of iOS. However, researchers found that iOS regularly sends significant amounts of data back to Apple’s servers, even with the relevant telemetry settings turned off.
Does this product sell or share user data?
iMessage largely says the right things about user privacy, but there is a caveat. When you message a business through iMessage, Apple does not create a truly end-to-end encrypted link.
Instead, iMessage sends a message that’s encrypted between you and Apple’s servers. Once it reaches Apple’s servers, it’s decrypted in memory only, meaning the messages are never written to disk. The messages are then forwarded to the business you’re texting over a separate encrypted TLS 1.2 tunnel, the same kind of encryption that keeps your web browsing private when you access services like your bank’s website.
Technically, you’re given an anonymous ID that the business can identify you by instead of your phone number or iCloud email. However, you’re once again trusting Apple to ensure that they’re not abusing their position as the routing service.
The Good and The Bad
The Good
iMessage does implement end-to-end encryption for all messages sent between iPhone devices unless you both choose to use SMS instead. You can verify that you’re end-to-end encrypted if you enable the setting through iOS, but you’ll need anyone else you’re texting to do the same.
The Bad
When you message other devices outside the Apple ecosystem, your privacy guarantees are nowhere near as strong. Apple has repeatedly promised that E2E encryption support for RCS (essentially Android’s upgraded version of SMS) is on the horizon, but it’s yet to materialize.
There’s also an inherent privacy flaw in the way Apple implements iCloud backup. While it’s not turned on by default, backing up your chat history to Apple’s iCloud servers also uploads a copy of the key used to encrypt your messages. Apple claims this is so that your messages can be restored if you lose access to your device, but it essentially allows Apple to decrypt your messages at will.
Data shared with iCloud is retained on the iCloud servers for up to 180 days, including your old message keys. After this point, your keys are deleted and you can be (relatively) sure Apple can no longer access your old messages.
Reduce Your Risks
You have two options for keeping your message content out of Apple’s hands. First, you can turn off iCloud backups for iMessage. Once you do, a new message key will be generated on your device so none of the messages you send going forward can be decrypted by Apple.
Alternatively, you can turn on Advanced Data Protection for iCloud. It completely encrypts your iCloud backup so that only you have access to it (with the exception of your emails and calendar data). However, if you lose the credentials needed to access your iCloud, that’s it – Apple really can’t help you.
Nuclear Option: iMessage is baked into your iCloud account. If you want to get rid of all the data Apple holds on you, you’ll need to shut down your Apple account completely. However, most of the features on your iPhone (including iMessage) won’t work without one, so make sure you’re comfortable with losing access to the Apple ecosystem first.
First, make sure you download all of the data you want to keep from any of your Apple devices, as you won’t be able to access it afterwards. Next, log into your iCloud account from a web browser and manually remove each device associated with your account.
Once you’re ready to remove your account, go to your Apple Account page and select “Manage Your Privacy”. Select the “Delete Your Account” option and follow through the dialogs that pop up. As part of the process, you’ll need to nominate a separate email account that Apple can contact you through during the deletion process.
Deleting your account can take up to seven days, during which time your Apple Account remains active.
The Bottom Line
You can’t really “replace” iMessage if you’re on iOS. It’s how Apple handles SMS messages inside the iPhone, so if someone texts your number it’s going to be processed through iMessage.
If one of your contacts is backing up your conversation with them to their iCloud drive, all you can really do is ask them to enable Advanced Data Protection so at least Apple can’t snoop on your texts.
That said, if you want to message someone through a secure texting app, we’d recommend you use Signal instead. It’s truly E2E encrypted and both the client and server infrastructure are almost entirely open source, vastly reducing the amount of trust you need to place in Signal as a company.