Skip to main content

Despite FBI whining, iMessage isn’t invincible after all, researcher claims

how to save text messages
Kritchanut/Shutterstock
FBI director James Comey has been campaigning against Apple and Google’s decision to introduce “end-to-end” encryption on the companies’ respective smartphones since they announced it last fall. Most recently, Comey testified before the Senate Judiciary Committee about the dangers of encryption and asked Senators to pressure tech companies into rolling it back so that the contents of smartphones would be accessible to law enforcement. Comey argued that criminals are “going dark,” hiding evidence of their wrongdoing behind encryption that his agency cannot break.

However, Comey’s arguments about encryption don’t align with how iPhone encryption actually works, claims computer-security researcher Nicholas Weaver. In a post on the blog Lawfare on Tuesday, Weaver points out that, even if encryption protects the contents of your iMessages, the FBI can still obtain plenty of information about you from your iPhone — for instance, your location data and your iMessage metadata would both be accessible to law enforcement with a warrant.

Recommended Videos

Crucially, Weaver also points out that iPhone users who enable iCloud backups would be vulnerable to a FBI search warrant. iCloud backs up the contents of messages to Apple’s servers, making the messages themselves easily accessible — a far cry from the inaccessibility described by Comey before the Senate Judiciary Committee.

Please enable Javascript to view this content

“Finally, there is iMessage, whose ‘end-to-end’ nature, despite FBI complaints, contains some significant weaknesses and deserves scare-quotes,” Weaver explains. Even though Apple CEO Tim Cook has claimed that there is no way for the company to read users’ iMessages, Weaver points out that it is possible to compromise the cryptography used to encrypt these messages.

Some encryption systems use a public keyserver, where users can look up and independently verify each other’s keys. However, Apple’s keyserver is private, so users have no way to independently verify each other’s keys. Apple could collaborate with law enforcement to provide a false key, thereby intercepting a specific user’s messages, and the user would be none the wiser. Weaver writes, “There remains a critical flaw: There is no user interface for Alice to discover (and therefore independently confirm) Bob’s keys.  Without this feature, there is no way for Alice to detect that an Apple keyserver gave her a different set of keys for Bob.  Without such an interface, iMessage is ‘backdoor enabled’ by design: The keyserver itself provides the backdoor.” Weaver says this vulnerability could also be used to tap into FaceTime calls.

“If one desires confidentiality, I think the only role for iMessage is instructing someone how to use Signal [an open-source encrypted messaging app],” Weaver concludes.

Kate Conger
Former Digital Trends Contributor
Kate is a freelance writer who covers digital security. She has also written about police misconduct, nail polish, DARPA…
One of our favorite Android phones just got its own iMessage app
Nothing Chats app on a. phone.

Nothing is trying to bridge the great blue/green bubble divide for Android users of iMessage. This is not a personal crusade to shatter walls and open windows, as much as Nothing CEO Carl Pei would want you to believe that. Instead, Nothing is piggybacking on tech created by New York-based startup Sunbird. 
Technically, the Sunbird app can be installed on any Android phone and it features a blue bubble for all iMessage text exchanges involving an Android phone. No more green bubble shame that could get you kicked out of groups for disrupting the harmony or even slim your dating chances. That’s how bad it is! 
Nothing is adopting the Sunbird tech and bundling it as its very own app under the name Nothing Chats. But here’s the fun part. The app only works on the Nothing Phone 2 and not the Nothing Phone 1. And this life-altering boon will only be bestowed upon users in the U.S., Canada, the U.K., or the EU bloc.

The app is currently in the beta phase, which means some iMessage features will be broken or absent. Once the app is downloaded on your Nothing Phone 2, you can create a new account or sign up with your Apple ID to get going with blue bubble texts. 
Just in case you’re concerned, all messages will be end-to-end encrypted, and the app doesn’t collect any personal information, such as the users’ geographic location or the texts exchanged. Right now, Sunbird and Nothing have not detailed the iMessage features and those that are broken. 
We made iMessage for Android...
The Washington Post tried an early version of the Nothing Chats app and notes that the blue bubble system works just fine. Texts between an Android device and an iPhone are neatly arranged in a thread, and multimedia exchange is also allowed at full quality. 
However, message editing is apparently not available, and a double-tap gesture for responding with a quick emoji doesn’t work either. We don’t know when these features will be added. Nothing's Sunbird-based app will expand to other territories soon. 
Sunbird, however, offers a handful of other tricks aside from serving the iMessage blue bubble on Android. It also brings all your other messaging apps, such as WhatsApp and Instagram, in one place. This isn’t an original formula, as Beeper offers the same convenience.

Read more
I love Apple, but it’s totally wrong about iMessage and RCS
An iPhone 15 Pro showing the main iMessage screen.

I’ve been using an iPhone ever since 2008, starting with the original and then every generation since. For several years, the iPhone was only capable of SMS texting, with MMS support arriving with iOS 3 in 2009.

But in 2011, Apple created something new: iMessage. It first arrived on iOS and then went to the Mac in 2012 to replace iChat. iMessage is basically an instant messaging service that is exclusive to all Apple products: iPhone, iPad, Apple Watch, and Mac. You can send text, images and video, documents, rich preview links, stickers, and more between one another. You can also see if a message is delivered, send read receipts (if you want), and everything is encrypted. With iOS 16, you can even edit and unsend messages within a certain time frame.

Read more
The iPhone’s futuristic satellite tech isn’t coming to Android any time soon
The Google Pixel 8's screen.

It could take a while before Android phones allow satellite connectivity to assist users in emergency scenarios, thanks in no part to Qualcomm canceling its ambitious Snapdragon Satellite plans. Apple introduced satellite SOS support last year with the iPhone 14 series, with the intention of helping people when they are out of cellular or broadband coverage range.

The feature allows you to text emergency responders, share locations, and request roadside assistance. But not long after, hope emerged for Android phones. Earlier this year, Qualcomm announced Snapdragon Satellite, with the goal of aping Apple’s initiative for Android phones.

Read more