Per-device keys

Every Apple device registers a keypair. Sender encrypts message N times — once per recipient device. Server only forwards ciphertext.

APNs is the transport

Every device holds an APNs long-lived connection. iMessage delivery = special APNs payload. No separate connection needed.

Identity Directory lookup

To send to phone number X, sender queries Identity Directory. Gets list of active device keys. Encrypts N copies.

iCloud backup weakens E2E

By default, iMessage backups go to iCloud, and Apple holds the backup key. Advanced Data Protection (opt-in) makes iCloud backups E2E as well, so Apple has no key.

SMS fallback

Sending to non-Apple = SMS (green bubble). Sending to Apple recipient = iMessage (blue bubble). Detected at Identity Directory lookup.