Apple encrypts iMessage in transit while storing the key in readable backups
Google solved the encrypted backup problem in 2018. Why hasn't Apple followed?
Page 112. Footnote 4. That's where Apple's encryption promise unravels.
The company's 262-page Platform Security Guide, published January 2026, presents an impressive table of cryptographic protections. Most entries reassure: encryption in transit, encryption at rest, end-to-end encryption for sensitive categories. The row for "Messages in iCloud" declares end-to-end encryption. Follow the asterisk to footnote 4, and you find this: "When iCloud Backup is enabled, your backup includes a copy of the Messages in iCloud encryption key."
Return to the row for iCloud Backup. Under default settings, encryption is merely "in transit & on server." Apple holds the keys.
The implications are stark. Your iMessage conversations travel encrypted through Apple's infrastructure—but the key to unlock them sits in your backup, which Apple can read. The company that built its brand opposing Facebook's data harvesting and Google's advertising surveillance stores your message encryption key in a format it can access at will. Or whenever a government asks.
James Darpinian, a security engineer who worked on Chrome at Google, documented this paradox last year. His title was blunt: "Four incorrect beliefs you may hold about iMessage." His verdict was blunter: "I really believe it to be false advertising for Apple to claim 'end-to-end encryption' for iMessage when the vast majority of messages are accessible to Apple to read at any time."
Why defaults determine everything
Apple's standard response points to Advanced Data Protection, an optional feature offering genuine end-to-end encryption for backups, photos, and notes. Enable it, and your encryption keys live only on your devices. Apple cannot access the data, even under court order.
The operative word is "optional."
In 2003, economists Eric Johnson and Daniel Goldstein published a study that reshaped how we understand human decision-making. They examined organ donation rates across Europe. In opt-in countries, where citizens had to actively register as donors, participation hovered around 15%. In opt-out countries, where citizens were donors by default, participation exceeded 90%. Austria achieved 99.98%. Germany managed 12%.
The populations weren't different. When surveyed, Germans and Austrians held similar views on donation. The difference was a checkbox. A form. A moment of friction.
Richard Thaler won the Nobel Prize in economics partly for work building on such findings. His framework, developed with legal scholar Cass Sunstein, is called "choice architecture." How options are presented shapes outcomes as powerfully as what options exist.
Apple understands this perfectly. The company reports 95% of iCloud accounts use two-factor authentication—not because iPhone users are uniquely security-conscious, but because Apple made 2FA the default and nudged users persistently during setup.
Advanced Data Protection tells a different story. Apple made it optional, buried it in settings, and wrapped it in friction. Apple publishes no adoption figures, but security researchers estimate uptake in the low single digits. The company knows how to achieve mass adoption of security features. It chose not to.
The friction is the feature
Consider what happens when you try to enable ADP. Users report that Apple Fitness+ stops working on their televisions—the Watch can't pair. Web access to iCloud disappears. Attempting to disable the feature produces cryptic errors. Some have found that turning off ADP requires opening a support case with Apple, with resolutions taking weeks.
Three weeks. To turn off a security feature. The friction isn't a bug.
In the United Kingdom, the situation is starker. In February 2025, Apple withdrew ADP entirely after the government demanded backdoor access under the Investigatory Powers Act. Rather than comply, Apple disabled the feature for new users and announced existing users would eventually need to turn it off. Forty million British iPhone owners cannot enable end-to-end encrypted backups at all.
This is revealing. Governments don't ban ineffective security measures. The UK considered ADP threatening enough to outlaw. Which makes Apple's choice to keep it optional everywhere else harder to explain.
Google solved this in 2018
Seven years ago, Google made encrypted backups the default for Android.
The technical approach uses hardware security modules in Google's datacentres, built around their Titan chip. Your phone generates a random encryption key. That key is encrypted using your lockscreen passcode. The protected key lives on the Titan chip, which releases it only when presented with the correct passcode and permanently blocks access after too many wrong attempts.
Google hired the security firm NCC Group to audit the system. Their assessment: cryptographically sound. The protection has been automatic for every Android user since October 2018.
Apple could implement the same approach. In fact, Apple already does—selectively. iCloud Keychain, which stores your passwords, uses HSM-protected end-to-end encryption by default. So does Health data. The company has deployed this technology for years.
The question isn't capability. It's choice.
Twenty billion reasons
Court documents from the Justice Department's antitrust case against Google revealed that Apple receives approximately twenty billion dollars annually for making Google the default search engine in Safari. That's roughly 16% of Apple's operating profit.
The payment structure matters. This isn't a flat fee. Apple's share is tied to advertising revenue from Google searches on Apple devices—a percentage of ad click-throughs. Apple's income depends directly on the surveillance advertising economy it publicly criticises.
Then there's law enforcement. In January 2020, Reuters reported that Apple had abandoned plans for encrypted backups after briefing the FBI. One source said Apple "did not want to poke the bear anymore" following the 2016 San Bernardino court battle. Apple's Craig Federighi later called the account inaccurate, without specifying how.
When Apple finally introduced ADP in December 2022, the FBI immediately objected. "End-to-end and user-only-access encryption... hampers our ability to protect the American people," a spokesperson told reporters.
Whatever happened internally, the observable pattern is consistent: Apple waited until 2022 to offer encrypted backups, made the feature opt-in, attached friction that discourages adoption, and in Britain withdrew it entirely under government pressure.
Real security, limited protection
The critique requires precision. Apple's security engineering is genuinely sophisticated. The Platform Security Guide documents remarkable achievements: Firebloom modifies the C compiler to prevent memory vulnerabilities in the bootloader; the Secure Enclave provides hardware isolation for cryptographic operations; Memory Integrity Enforcement on the latest chips blocks entire attack classes.
These aren't fabrications. Apple employs talented engineers doing serious work. The company fought the FBI over the San Bernardino iPhone. It withdrew features rather than build UK backdoors.
But capability and protection aren't synonymous. A lock that 95% of users never engage provides 95% less security than the architecture permits. Apple built impressive cryptographic infrastructure while leaving most doors unlocked by default.
The cryptographer Matthew Green, who has studied iMessage vulnerabilities for a decade, captured the absurdity in a recent post: Apple "spent time adding post-quantum encryption to its iMessage protocol—this means Apple users are now safe from quantum computers that don't exist. And yet users' most intensely private secrets can still be read off their phone or from a backup by anyone who can guess their passcode."
What this actually means for you
If you use default settings, Apple can read your iCloud backups and extract your iMessage encryption keys. Your messages travel encrypted between devices but are stored in a form Apple controls.
If you enable ADP, your backups become genuinely inaccessible to Apple—but only for your end of conversations. Unless everyone you message also enables ADP, their copies of your conversations remain readable in their backups. Given adoption rates, that's essentially everyone.
If you want protection that doesn't depend on others' choices, you need a different app. Signal encrypts by default and doesn't back up messages to cloud services by default. It recently introduced encrypted backups for those who want them.
Apple's security architecture isn't a fraud. The company invests genuinely in protection. But the defaults—the choices about what users receive without action—tell a different story than the marketing.
Google made encrypted backups automatic in 2018. The technology exists. The user experience works. Recovery is tied to a passcode people already know. Seven years later, Apple still requires opt-in, still attaches friction that suppresses adoption, and in one major market has withdrawn the option entirely.
The company's technical capability isn't in question. Its choices are.