iMessage is encrypted — but your iCloud backup hands Apple the key (unless you turn on Advanced Data Protection)
iMessage is end-to-end encrypted, but by default the iCloud backup of those messages is encrypted with a key Apple holds — meaning Apple can produce them under legal process. Apple's Advanced Data Protection closes the gap, but it's opt-in.
01What actually happened
iMessage is end-to-end encrypted in transit, but the standard iCloud Backup is encrypted with keys Apple retains, so Apple can access backed-up message data and disclose it in response to valid legal demands. In December 2022 Apple launched Advanced Data Protection (ADP), which makes iCloud Backup, Messages in iCloud, Photos, and more end-to-end encrypted so only the user's trusted devices hold the keys. ADP is opt-in and off by default, so most users' message backups remain accessible to Apple.
02Why it matters
A message can be end-to-end encrypted and still be sitting in a provider-readable cloud backup — privacy that depends on a setting most people never enable isn't privacy by default. Cipher is zero-access by design with no provider-held backup keys, so there is no default backdoor for the company or anyone it's compelled to serve.
Sources
- Apple Support · Dec 2022Advanced Data Protection for iCloud
- Apple Support · 2024iCloud data security overview
We describe only what these sources report. If you think we've framed something inaccurately, tell us — accuracy is the whole point.
Cipher is built for exactly this gap: zero-access encryption, no phone number, on-device AI, and minimal metadata — so the failure in this story can't happen the same way.
See how the architecture works