Per-device keys
Every Apple device registers a keypair. Sender encrypts message N times — once per recipient device. Server only forwards ciphertext.
APNs is the transport
Every device holds a long-lived APNs connection. iMessage delivery = special APNs payload. No separate connection needed.
Identity Directory lookup
To send to phone number X, sender queries Identity Directory. Gets list of active device keys. Encrypts N copies.
iCloud backup weakens E2E
By default, iMessage backups go to iCloud. Apple holds the key. Advanced Data Protection (opt-in) makes iCloud E2E too — Apple has no key.
SMS fallback
Sending to non-Apple = SMS (green bubble). Sending to Apple recipient = iMessage (blue bubble). Detected at Identity Directory lookup.