Do you know when Apple Messages sends end-to-end encrypted messages?

This note might look unusual, but it was sparked by the questions I continually receive about communication confidentiality. If you’re well-versed in security and privacy technology - feel free to skip; most likely you won’t find many things of interest today (unless you seek a story about UX, accessibility and security technology awareness). Otherwise - read on. I intend to make this post accessible to all.

When people ask me about how to protect their communication, I usually reply with a number of questions and offer an answer fit for their needs and the potential risk. But this post is uniquely devoted to Apple iMessage, perhaps one of the most accessible and well designed systems offering strong communication security.

Apple iMessage offers end-to-end encryption (E2EE). In simple terms, it means that only the conversation participants (i.e. sender and receiver) are able to see the contents of the message. Here’s a possibly puzzling thing: I still encounter surprisingly many non-tech people who are unaware of how to enable end-to-end encrypted iMessage and do not use it. Those people either do not know what E2EE is, or they do and assume iMessage is always on. To them, it is surprising to find out that this is in fact not always the case. In such a scenario, a user ends up sending unencrypted messages, which are transferred as old-school cellular network texts (SMS). This kind of message:

  • is not encrypted
  • usually has its metadata (sometimes data) stored by the telecommunication operator due to data retention laws

If you’re concerned with the second point in the country where you currently happen to be (living, traveling, etc.), consider turning on E2EE.

In reality, chances are that you need to manually enable iMessage (and consequently, E2EE). I will simply tell you how to do it.

First things first, check if E2EE is enabled. Open Messages, and then a conversation (or a few of these) - try to look for messages written in blue. Blue means E2EE is enabled and your messages are sent in a secured manner. If it’s green - E2EE messaging is either not enabled, or the recipient’s system does not support it, so either try looking through a number of conversations or go straight to Settings, iMessage:

Switch the setting to enable iMessage:

If you never intend to send SMS, also keep “Send as SMS” turned off (though this might complicate your life).

Then simply test again. Here is what end-to-end encrypted (iMessage) messages look like:

If you’re unsure when your message will be sent in an encrypted format, look at this icon:

Again, blue indicates that both endpoints support (encrypted) iMessage. Observation: in this way you can tell whether the other party supports encryption (otherwise, perhaps consider sending them a link to this note? Thanks!).

To put it in simple terms, reducing the number of communication participants from two endpoints and an intermediary to just two endpoints is not only about convenience but, perhaps more importantly, about strong communication confidentiality. End-to-end encryption is a substantial security and privacy improvement, and it also reduces the risk that communication contents will leak.

Summary

Encryption in iMessage is nicely explained by Apple in their FAQ, but I find that awareness tends to be low in certain circles, in particular among journalists. This was the primary motivation for writing this post.

Communication confidentiality is made of both technology and awareness (e.g. operational security). There are some good general-purpose solutions, but for some people, a specially tailored approach reflecting their specific situation might be better. However, it’s sound to say that iMessage is better than just Message.

So in conclusion, blue is good, green is red.

Happy chatting.