Apple’s iMessage is message is back in the news again, though not for pornographic GIFs this time but for a perceived violation of privacy where the company can provide law enforcement with a list of those you’ve been contacting via iMessage if presented with a valid warrant.
Report from The Intercept today provides details
The report published today made it quite clear that Apple is not saving the content of messages sent with iMessage, but is logging those that you try to message and those you do message.
By attempting to use iMessage to contact someone, the report says that iMessage pings Apple’s servers to look for an iMessage account. Whether or not the person has an iMessage account doesn’t matter, Apple will know and log this information.
“In some cases, we are able to provide data from server logs.”
Additionally, beyond the contact, Apple is logging the date and time you made your attempt as well as IP information from both parties.
If you are worried about this, please know that the log is meant to be destroyed after 30 days and Apple will not be keeping it forever, if they are to be believed. Certainly, Apple has plenty of storage space at its many data centers so the paranoid will likely take no solace in this 30-day caveat.
According to The Verge, a log may or not be made every time iMessage is used but it certainly could be. The report from The Intercept points out that this information in the report came from a law enforcement agency in Florida that explains what information Apple has that it could by subpoenaed for if needed.
Apple met the report with a statement that points out that they will not share this information unless they are served with a “valid” subpoena or court order. “In some cases, we are able to provide data from server logs that are generated from customers accessing certain apps on their devices,” Apple told The Intercept. “We work closely with law enforcement to help them understand what we can provide and make clear these query logs don’t contain the contents of conversations or prove that any communication actually took place.”
iMessage encryption and pornography
Apple maintains the encryption on iMessage makes it so that even if the Justice Department had a warrant, Apple couldn’t provide message details do to its robust encryption, however, the New York Times pointed out earlier this month that wiretapping is possible as iMessage doesn’t allow for the verification of encryption keys when reading or sending messages.
In the article, Nicholas Weaver a senior researcher from the International Computer Science Institute, explains how say the FBI could read encrypted messages that use iMessage’s EES servers.
Say Alice, an iMessage user, sends Bob a message. Apple sends Alice Bob’s encryption keys, using this Alice’s iMessage device encrypts the data and sends this to Apple and Apple forwards it to Bob where he decrypts it.
But, as Weaver points out, what if Apple sends the wrong encryption keys?
“Without such an interface, iMessage is “backdoor enabled” by design: the keyserver itself provides the backdoor,” Weaver writes on the Lawfare Blog.
“[In that case] the FBI (but not Apple) can decrypt all iMessages sent to Alice in the future,” Weaver continues. Likewise, by adding another FBI key to all messages that Alice sends herself, it would be possible for the agency to snoop all of her outgoing texts too.
So until, Apple fixes this don’t think too highly of iMessage encryption.
Apple’s pornography problem with iMessage
Following the release of iOS 10 earlier this month in its final iteration which shipped with both the iPhone 7 and iPhone 7 Plus and was offered as an upgrade for download to older iPhones and iPads, Apple found itself a bit red-faced when it discovered in the new GIF search in iMessage allowed for finding pornographic GIFs for users to share.
Apple has long had a moratorium on pornography in the iTunes Store as well as in its own and third party apps.
The problem was first discovered by the website Deadspin that pointed out that iMessage users were granted access to “very easy-to-find” hardcore pornography. Big d*cks and large breasts were revealed by the search of the word “huge” more than Donald Trump did though it could certainly be said that he is among the former discovered in search.
This error occurred due to its search algorithm that is largely powered by Bing.
That saw Apple forced to work quickly to limited search terms.
“Its only censorship method thus far seems to be blocking potentially problematic words like ‘boobs’ and ‘penis’ and — as of this morning — ‘butt,'” Deadspin wrote. “There’s no reason for Apple to think that the word ‘huge’ would bring up anything more than, say, a particularly large pillow or strawberry”.