Think iMessage Is Safe? China Region Users Have Long Been Exposed
- Does iMessage actually have a “monitoring risk”?
iMessage does use end-to-end encryption. Only you and the other party can decrypt the messages, and even Apple servers cannot see the content.
But many Chinese users do not know this: as long as you have iCloud backup turned on and have not enabled Advanced Data Protection, locally decrypted chat records are directly uploaded to Guizhou-Cloud Big Data, an Apple data center operated by a Chinese state-owned enterprise.
In other words, although “message content” is encrypted, who you chatted with, what account you used, and where the chat backup is stored can all be obtained.
- What is Guizhou-Cloud Big Data, and can it manage my iMessage?
Guizhou-Cloud Big Data is the data center Apple was required by the Chinese government to establish. Since 2018, all China-region users’ iCloud data must be stored there.
Apple publicly says, “We manage the encryption keys ourselves.” But the problem is that China-region accounts must be real-name bound to a +86 phone number. Once there is cooperation with an investigation, identity is immediately exposed.
The more critical vulnerability is that iMessage images and voice attachments are also uploaded to iCloud storage. If you have not enabled Advanced Data Protection, the files themselves may be encrypted, but the usage records are fully exposed.
- Think using a US Apple ID makes you safe? Do not celebrate too early.
Many people think switching to a US Apple ID avoids the risk. But if you are still in mainland China and using a China-market iPhone, access points for all Apple services are still domestic and may still go through Guizhou-Cloud routes.
Data for foreign-region IDs may theoretically return to the United States, but it still first passes through the Guizhou transit point, leaving metadata about who you are and whom you chatted with.
- Want safer iMessage chats? These five steps are necessary.
Use an Apple ID different from your system account specifically for iMessage. A US-region account is recommended. Do not use a real-name China-region account.
Set iMessage to use only an email address as the communication account, without binding a phone number.
You must turn off iMessage iCloud backup, or enable Advanced Data Protection.
Set chat records to delete automatically after 30 days. Do not turn message history into an evidence warehouse.
After using voice messages, remember to delete them manually. They are saved for two minutes by default.
Apple’s encryption is not the problem. The problem is that you did not turn off iCloud.
Apple did encryption, but you opened a large back door yourself: iCloud.
Guizhou-Cloud may not get your message content, but it can get who you are, whom you chatted with, and how long ago you spoke.
So stop saying “iMessage is very safe.” The algorithm is safe. Your settings are not.
#privacy-security #iMessage #GuizhouCloud #end-to-end-encryption #Apple-privacy