Here’s how to safely use iMessage and the Messages app

0
63

iMessage is well secured by Apple, so messages cannot simply be intercepted by hackers. Still, there are a few things you should know to safely use iMessage and the Messages app on your iPhone, iPad, and Mac.

iMessage is a messaging service from Apple. Usually it works without any problems, but sometimes things can go wrong: messages do not arrive and in exceptional cases the messages end up with the wrong person. Fortunately, these are exceptions and there’s a lot you can do to keep your iMessages safe. This tip will help you with that.

  • iMessage security
  • Tip 1: iCloud backup for iMessage
  • Tip 2: Secret email address
  • Tip 3: Exchange SIM cards
  • Tip 4: Share iOS device

All details about the security of iMessage and other Apple services can be found on this page at Apple.

Security of iMessage messages

Apple uses encryption to encrypt the messages from iMessage. This only applies to messages sent between iMessage users. Messages sent as SMS to, for example, an Android device are not encrypted.

With iMessage and FaceTime, Apple uses end-to-end encryption. The messages are encrypted on your device and are only unpacked when they reach the recipient. So Apple cannot decipher the messages as they travel between two devices. A hacker can intercept your messages, but cannot read them. For this, a hacker must have a unique key, which only the recipient has.

This does not mean that the messages are guaranteed to be 100% secure: eventually any form of encryption can be cracked. However, that chance is quite small, especially if you are an ‘average’ person. Targeted attacks usually target well-known individuals such as politicians or artists.

Tip 1: Disable iCloud backup for iMessage or end-to-end encryption

Do you want maximum security? Then it is best to disable the iCloud backup for iMessage. No messages will then be stored on Apple’s servers. You do this as follows:

  1. Open the Settings app.
  2. Tap your profile picture at the top of the screen.
  3. Choose iCloud.
  4. Turn off the switch under Messages.

However, this entails risks, because you then have no external backup of your messages. If your iPhone breaks or is stolen, you will also lose your iMessages.

Fortunately, there is a solution: you can enable end-to-end encryption of iMessage backups. This is possible thanks to the Advanced Data Protection feature, which will be available globally from early 2023. You can optionally provide your backups of iMessage messages with end-to-end encryption.

Advanced Data Protection

If you do not enable this, your messages will be stored on a server at Apple. This also includes a backup of your private key (this is the key needed to decrypt the messages). If Apple is forced to hand over your message history, for example to the government, you can do so with this key.

Apple keeps this backup of your private key not so much to help governments, but more so that you can regain access to your messages if something goes wrong with your trusted devices or if you forget your password. If you opt for full end-to-end encryption, Apple will not have the key and you cannot be helped in an emergency. So this is a conscious choice.

If you choose to disable iCloud backups for iMessage, it’s good to know that this only applies to your own message database. If the recipient does make iCloud backups for themselves, your messages will also be found there on Apple’s servers. All participants will therefore have to take measures for super secret message traffic, namely:

  • All disable iCloud backups for iMessage.
  • Enable all end-to-end encryption for iMessage backups on iCloud messages.
  • All switch to a secure messaging service like Signal.
  • Also, it only applies to future messages. If you’ve previously exchanged messages with someone that were stored on iCloud, they may still be present in an older backup. So first turn off your iCloud backup and only then start exchanging your biggest secrets.

    Tip 2: Use a secret email address for iMessage

    If you know someone’s email address or phone number, you can also send them a message. Even if they are not your friend. Some other messaging services require someone to accept you as a friend in order to chat with each other. This is not the case with iMessage: you can be reached on the basis of just your e-mail address or your telephone number.

    The recipient immediately gets an unmissable pop-up on the iPhone screen. If you’re worried about being harassed, it’s best to create a separate email address for iMessage and only disclose it to your closest friends.

    Unfortunately, Apple makes it difficult at this point, as they try to match your Apple ID to as many email addresses as possible. That’s for convenience, so that people can always reach you in one place, regardless of the email address used: in iMessage. But it can also be annoying.

    iMessage on the Apple Watch with Scribble and Apple Pay buttons.

    Tip 3: Do not exchange SIM cards

    A long time ago, the story circulated that private messages from an Apple Store employee had been leaked. The man worked as a Genius in the Apple Store and had inserted his own SIM card into a customer’s iPhone during work to test something. The Apple employee’s mobile number was therefore linked to the customer’s Apple ID account. The customer then received all kinds of messages, which put the sex life of the Apple employee on the street. Apple responded that the employee had not followed the correct protocol.

    This shows that you shouldn’t just put your SIM card in an iPhone, for example to test something. Since then, Apple has taken measures to prevent this. But if you work with prepaid SIM cards and often change numbers, it may happen that you receive a message that was intended for the previous user of the SIM card.

    Changing SIM cards also plays a role in so-called SIM card swapping. In doing so, the account of an unsuspecting user is taken over by swapping SIM cards. Malicious people can then get their hands on two-factor codes and other access codes to log into various accounts and commit identity fraud.

    Tip 4: Don’t share your iOS device with multiple people

    A major flaw with iMessage is that you can’t set a password or PIN for messages. While you can password protect notes, iMessages cannot. If someone has access to your iPhone, they can also read your entire iMessage message history. So be careful not to give anyone access to your iPhone.

    This is especially a problem with iPads, which are used by several people in a family. Children can then, for example, view the iMessages of father or mother, if the device is registered to this Apple ID. You can fix this by creating a separate family account through Family Sharing.

    If this does not work, you can ensure that notifications from iMessage do not appear on screen while playing a game. Other users will then not see a new message arrive (but will still be able to manually open the app and browse through the messages). You can also protect iMessage with an app limit or parental controls in Screen Time.

    With services like iMessage, messages are stored on a central server. From there, they sync with devices registered to a particular Apple ID. Skype, WhatsApp, Telegram and other messaging services also work that way. That’s handy, because as soon as you enter your account details on a new device, you have all previous messages immediately at hand.

    More tips on iMessage? We have!

  • The best iMessage apps and stickers for iPhone and iPad
  • This is how you set a profile picture and screen name for iMessage
  • This is how you stick stickers in iMessage conversations
  • Easily convert words to emoji in iMessage

Previous articleFor these reasons The Simpsons have never had a spinoff
Next articleEdge’s PDF reader allows you to translate documents: this is how it works