Apple does not log messages or attachments, and their contents are protected by end-to-end encryption so no one but the sender and receiver can access them. Apple cannot decrypt the data.
I still think this is misleading because it ignores the fact that iCloud backups are encrypted with a key that’s in Apple’s possession. We know this because you can buy a new iPhone and restore your backup simply by entering your Apple ID and password. And we know that your password itself is not the key because Apple’s support people can restore your account access if you forget your password.
The other important point is that, since Apple’s servers are handing out the keys, Apple could easily be the “man in the middle” if it ever wanted to intercept messages. In other words, the security in iMessage is purely due to policy (trusting that Apple is not doing this) rather than the architecture or something that we can verify.
The white paper is well worth reading, though I’m not sure why everyone is treating it as a new document, rather than an update to the previous version.
Stay up-to-date by subscribing to the Comments RSS Feed for this post.