A Formal Analysis of Apple's iMessage PQ3 Protocol [pdf]
iMessage E2EE vs iCloud Backups
- Main criticism: Apple markets iMessage as end‑to‑end encrypted, yet by default a copy of the Messages-in-iCloud encryption key is stored in iCloud backup, letting Apple decrypt message history.
- Turning off “Messages in iCloud” doesn’t fully solve it: messages then go into standard iCloud backup, which is not E2EE.
- Net effect: unless cloud backup is fully disabled or Advanced Data Protection (ADP) is used, Apple can read most iMessages, and law enforcement can obtain them in plaintext.
Advanced Data Protection (ADP) and Defaults
- ADP makes iCloud Backup and Messages keys truly E2EE, but it’s off by default and unavailable in some regions (e.g. UK).
- Even if you enable ADP, your messages remain exposed if recipients don’t, since their backups still contain decryption keys.
- Some see ADP as “overkill” and note Apple already E2E-encrypts keychain, health data, etc. without ADP; they argue iMessage should be treated similarly.
- Others argue ADP can’t be default because it creates irreversible data loss when people forget credentials, generating massive support burden.
Comparison to Google/Android Backups
- Several comments claim Google’s message/phone backups have been E2EE by default for years, using the device screen lock code plus server-side secure elements to prevent brute force.
- There’s debate about how strictly attempts/timeouts are enforced and whether this is meaningfully secure given short PINs; some later concede Google does use HSM-style protections similar to Apple.
Usability, Recovery, and “Grandma Problem”
- Many users prioritize effortless device migration and password recovery over strong secrecy.
- Concerns include: people losing devices, forgetting passwords, or not understanding hardware keys.
- Some argue the average Apple customer expects Apple to be able to restore their data at a store with ID, which is incompatible with strict E2EE.
Apple’s Privacy Branding and Government Pressure
- Several participants see a growing gap between Apple’s “privacy champion” marketing and reality: extensive default data collection, non‑E2EE backups, and expanding ad business.
- Others counter that Apple’s core business is not advertising and that it generally treats data as a liability, unlike ad-centric competitors.
- UK policy pressure is cited as a likely reason ADP is disabled there and possibly under-promoted elsewhere.
Control Over Others’ Backups and Features
- One camp argues ADP is “a joke” if your chats are still in contacts’ readable backups; they’d like messages excluded from non‑E2EE backups or more granular controls.
- Others object to senders dictating what recipients can do with received messages, warning about abuse and accidental large-scale data loss.
- iOS offers global auto-delete for messages, but not per-chat disappearing messages; this is contrasted with other messengers.
Workarounds and Power-User Approaches
- Some users disable iCloud Backup entirely and instead:
  - Supervise devices via Apple Configurator,
  - Back up iOS devices locally to a Mac (or tools like iMazing),
  - Then back up the Mac to a NAS or chosen cloud provider.
- These options are seen as realistic only for power users; most people will remain on iCloud defaults.
Relation to the PQ3 Paper
- The linked paper is recognized as a formal analysis of Apple’s new post‑quantum iMessage protocol PQ3, with a prior ePrint version noted.
- Discussion, however, largely focuses on backup and key-management realities that can undermine the theoretical security guarantees PQ3 aims to provide.