Bad News Confirmed For 1.3 Billion Apple iMessage Users

/in


Yes, Apple’s iPhone is materially more secure than Android and yes, Apple still leads the way when it comes to your privacy. But there is a huge exception to the Cupertino giant’s security- and privacy-first approach, one that impacts a billion-plus iPhone and iPad users. And we had stark confirmation this week that Apple is stubbornly refusing to step up to the plate and fix it.

We’re talking iMessage—Apple’s ubiquitous messaging platform. We all know that texting between iPhones and Androids is a pretty awful throwback to the early days of SMS. “It’s not about the color of the bubbles,” Google says. “It’s the blurry videos, broken group chats, missing read receipts and typing indicators, no texting over Wi-Fi, and more.”

But as fun as all these features would be, there’s a much more serious issue lurking in the background. iMessage has been central to Apple’s wider security challenges over the last year. Sophisticated (read national security level) cyber attacks have been found exploiting its architecture, and Apple has hardened the platform as a result. But there’s a much bigger problem that still hasn’t been fixed.

As much as we read about nation state level attacks, these impact just handfuls of users. You might be better protected from Chinese cyber-spies, but if you reuse passwords, click on dangerous links and casually open email attachments, then you, your data, your bank balance are far more at risk.

And so it is with iMessage. While Apple has sandboxed messages, plugging high-risk gaps, its end-to-end security only protects you while you stay enclosed within its ecosystem. As soon as those blue bubbles turn green, as soon as you text someone with an Android device in their hand, all bets are off.

Until fairly recently, there was no solution to this. Google had no real alternative to iMessage. The carriers were slowly deploying SMS v2, known as RCS or Rich Communication Services, but that still relied on the archaic SMS architecture that bounced from carrier to carrier, exposing data to all along the way. Google stepped in to fix this. First by taking over responsibility for driving RCS adoption across its user base. And then,…

Source…