Apple Can Indeed Read Your iMessages

Tim Cook claims Apple can't read your iMessages.

iPhone fans, and many in the media, love to bash BlackBerry phones and BB10. Aside from claiming that BB10 has no apps, iPhone fans also love to talk about how great iCloud is, how iOS can automatically back up their data without their having to pay for a cloud service or a backup app, and how iMessage has end-to-end encryption. Tim Cook has been going around talking to just about everybody who’s willing to listen, proclaiming that Apple cares deeply about its users’ privacy and security and claiming, among other things, that Apple can’t read users’ messages because Apple doesn’t have the keys; only the iOS users have the keys.

“If the government laid a subpoena to get iMessages, we can’t provide it. It’s encrypted and we don’t have a key.” — Tim Cook in an interview with Charlie Rose, September 15, 2015

It turns out that’s not quite true. Allow me to burst their bubbles.

It’s true that iMessage uses end-to-end encryption. However, the iOS backup functionality doesn’t. So, when an iOS user sends a message using iMessage, that message will be encrypted with the sending user’s key, which Apple doesn’t have, and it can only be decrypted with the receiving user’s key, which Apple also doesn’t have.

“But the reality is that if you have an open door in your software for the good guys, the bad guys get in there, too.” — Tim Cook in an interview with NPR, October 1, 2015

But, if the user has enabled automatic backups to iCloud, then the copy of the message that’s stored on the iPhone gets encrypted using Apple’s key, instead of the user’s key, and then stored in iCloud. This is true for all the user data being backed up to iCloud, including iMessages, SMS messages, photos, documents, etc. So if the government or law enforcement knock on Apple’s door asking for access to a certain user’s unencrypted data, Apple can indeed comply.

Apple maintains the keys to the backups of your iOS data.

The only way around this is to disable automatic backups, which takes away one of the big values of the Apple ecosystem and forces users either to buy a backup app in order to maintain the same functionality or to use iTunes to back up the iPhone’s data locally on a computer or NAS and then upload that to iCloud.

Once again, we see that the emperor has no clothes. If you care about mobile privacy and security, there’s only one choice: BlackBerry.

Source: The Hacker News

bartron

I'm a programmer with 13 years' experience, and a former electronics technician. My first BlackBerry was a Z10, and I'm now rocking a Passport.
