According to this screenshot, it appears they do: https://twitter.com/norbertmao/status/1463364241688305664
[*] If you enable "Messages" sync in iCloud, encrypted message history is synced across your iCloud devices in an E2E manner.
Syncing messages across your devices is very much different than backing up your iPhone to iCloud.
The above should be pretty well known by now, but unfortunately isn’t the case.
If someone wants to dispute my comment, please cite supporting evidence.
Also imagine another bug that allows someone to spoof the 'from' or hell even send a message that looks similar, basic phishing.
Like: This is apple. Click this link to secure your account you are being hacked (literally). Seems like a bad precedent. But I guess there isn't a great way to securely communicate. Maybe just say google the official apple 1800 number and enter this secret number pad code.
The problem is authenticity and authority, not encryption. How can the user know this message really came from Apple and not a spammer?
And even if there were a spam problem, the risk is mostly on the upside anyway. It would only be an issue if iMessage got a reputation for flooding people with admonishments to take security seriously, purportedly from Apple.
[1] https://support.apple.com/en-us/HT206906
[2] https://9to5mac.com/2021/07/19/zero-click-imessage-exploit/
Your anecdotal lived experience is not representative of the entire population.
I personally have encountered at least a dozen spam iMessages (not SMS) in the past year, and several friends of mine have described the same experience. I googled iMessage spam and this was on the second page, just from last year: https://thisrupt.co/lifestyle/imessage-spam-not-thai-chana/ Feel free to research yourself to discover that it is in fact a widespread issue for many people, if not as widespread as it once was since the "Unknown sender" tab was introduced.
Regardless, SMS spam remains an issue, and on iOS, many users may not know the difference, as they're in the same app.
> And even if there were a spam problem, the risk is mostly on the upside anyway. It would only be an issue if iMessage got a reputation for flooding people with admonishments to take security seriously, purportedly from Apple.
You're missing the point. iMessage spam (though it does exist as I've shown above) is not the problem. The problem is iMessage doesn't have a good way to "verify" that messages that purport to be from Apple or anyone else truly are from a known and trusted sender. This deficiency is what enables iMessage spam, and creates the same potential for abuse with this new feature.
There was even an article on HN a couple days ago about a money transfer service phishing scam whose initial message looks very similar to this message from Apple.
I think a LOT of people will fall for phishing with cold messages that look like this
Read the document of the original top post (the document from Apple).
The answer to your question is right there in the document.
