Here’s How Apple has Designed the Security of iMessage

In a discussion with some senior members of Apple’s engineering and security teams, Rich Mogull has learned about some interesting details about the company’s security approach, while also finding out that iMessage is much more secure than we think (via SixColors). In a recent blog post, Mogull gives an overview of how Apple has designed the security of iMessage.

IMessage Icon

He explains that users can’t add devices to an iCloud account without triggering an alert because that analysis happens on your device. “Apple put the security logic in each device, even though the system still needs a central authority. Basically, they designed the system to not trust them”, he writes.

According to the Electronic Frontier Foundation, iMessage is one of the more highly-rated secure messaging systems available to consumers. While it may not be perfect, it is however extremely secure considering the fact that its security is basically invisible to end users and in active use on almost a billion devices.

Here’s a simplified overview of how iMessage security works:

  • Each device tied to your iCloud account generates its own public/private key pair, and sends the public key to an Apple directory server. The private key never leaves the device, and is protected by the device’s Data Protection encryption scheme (the one getting all the attention lately).
  • When you send an iMessage, your device checks Apple’s directory server for the public keys of all the recipients (across all their devices) based on their Apple ID (iCloud user ID) and phone number.
  • Your phone encrypts a copy of the message to each recipient device, using its public key. I currently have five or six devices tied to my iCloud account, which means if you send me a message, your phone actually creates five or six copies, each encrypted with the public key for one device.
  • For you non-security readers, a public/private keypair means that if you encrypt something with the public key, it can only be decrypted with the private key (and vice-versa). I never share my private key, so I can make my public key… very public. Then people can encrypt things which only I can read using my public key, knowing nobody else has my private keys.
  • Apple’s Push Notification Service (APN) then sends each message to its destination device.
  • If you have multiple devices, you also encrypt and send copies to all your own devices, so each shows what you sent in the thread.

While features like iCloud Keychain and Keychain Backup use a different security approach, FaceTime uses a similar security mechanism as the iMessage, with complete end-to-end encryption.

“Technology runs through my veins...” | Follow me: @DrUsmanQ usman@iPhoneinCanada.ca

  • Dehop

    “If you have multiple devices, you also encrypt and send copies to all your own devices, so each shows what you sent in the thread”

    If I understand this correctly, this means that if you’re sending an iMessage from your iPhone with a 10 MB worth of images as attachments to 5 different iMessage recipients, and you are logged into iMessage on two other devices you own (Mac, iPad), then your phone has just encrypted the message for 7 different devices (5 recipients and 2 other “senders”), and if you’re on cell data you’ve now used over 70 MB just to send one message.

    Which is cool as far as ensuring security/privacy, but that could be an unexpected hit on your monthly data.

  • xeronine992

    Explain to me how when I receive a video through iMessage the quality is different depending on if I’m on WiFi or cellular at the time it’s downloaded. The only way I can see this being possible is if it’s somehow re-encoded before being transmitted to the end-user.

  • Dehop

    Could be the iMessage system knows your device is on wifi or cell the moment the sender sends the video, and the sender’s device encodes it differently.

    The real test would be to go into Airplane mode while on wifi so you disconnect from iMessage, then have a video sent to you. Then when you’re outside of wifi range, reconnect on cell and see what comes in.

  • Mr Dog

    Or the encrypted message goes once to the servers and apple then distributes it

  • Dehop

    That is inconsistent with this point:

    “Your phone encrypts a copy of the message to each recipient device, using its public key. I currently have five or six devices tied to my iCloud account, which means if you send me a message, your phone actually creates five or six copies, each encrypted with the public key for one device. “

  • It’s Me

    Your phone encrypts a copy of the message to each recipient device, using its public key. I currently have five or six devices tied to my iCloud account, which means if you send me a message, your phone actually creates five or six copies, each encrypted with the public key for one device.

    One possible hole here. When you send an iMessage to me, your phone will encrypt that message using my public key, which means that only I can decrypt it. Everything’s good so far. But in order for you to encrypt it with my public key, you need to obtain my public key. Apple does this for you by having your phone contact their servers to get my public key. Here’s the problem. But you have no way to verify that Apple has send you the proper key for my phone. That is, if Apple was in a position where they had to intercept messages to me, whenever anyone’s phone requested my public keys to send me a message, they could send me public keys for another device (remember, you send one message, you might use multiple keys to encrypt that message for multiple devices to receive), say for the FBI, and now the messages you send to me, also go to the FBI, and they have the private keys to decrypt that message.

    Obviously Apple has shown they will fight such requests but that doesn’t mean they will always win that fight. Compared to other systems, iMessage is pretty close to top of the game. It is true “end to end” encryption and very secure. A verification scheme could be developed but would be a pain in the backside for eneryone involved.

  • It’s Me

    I believe that you are right, that it does send multiple copies and so multiple times the data usage of a single message to a single person (since encryption on device is a requirement of true end-to-end encryption).

    But maybe that’s not unexpected. If you were to send that same 10 MB message to 5 people in 5 separate messages, you would expect 50MB in data used. I don’t think group messaging in iMessage was ever intended to be a data saver. It was meant to provide the convenience of a single conversation instead of 5.

  • Dehop

    It might be unexpected for those used to sending SMS/MMS, or traditional email. Because those are unencrypted, you send those once to the mail server, which then sends copies to the end recipient on your behalf.

    With end-to-end encryption though, the relaying server isn’t sending a byte-for-byte copy of your message, so 5 different recipients means 5 separate messages sent through the server.

  • It’s Me

    You are right, it might be unexpected for some, but that is literally dependent on their expectations of iMessage and of group messaging. If the expectation of a group message is just that you can have a group conversation, then this behavior is within expectations. If the expectation is reduced data, then this would be outside of expectations. And really, that’s what we are discussing, whether a group message should reduce data usage not whether it uses more data. Because it doesn’t use more than no groups, it uses less that no groups (but less than other multi-recipient transmissions). It’s a subtle distinction but important.

  • BeaveVillage

    iMessage encryption is good to see, still I’d love to see an iMessages client for iCloud.com, built right into the website, that I can log into from any web browser, username & password required of course, then I don’t have to sit by my phone or iPad when I’m at the computer.

    Mac OSX has iMessages, Apple would do wonders if it made a client for Windows 10.