Secure Apple Messages for Business
Apple Messages for Business is a messaging service that allows users to communicate with businesses using the Messages app. With Apple Messages for Business, the user is always in control of the conversation. They can also delete the conversation and block the business from messaging them in the future. For privacy, the business doesn’t receive the user’s phone number, email address, or iCloud account information. Instead, a custom unique identifier called the Opaque ID is generated by the Apple Identity Service (IDS) and shared with the business. The Opaque ID is unique to the relationship between the user’s Apple Account and the business’s Business ID. A user has a different Opaque ID for every business they contact using Apple Messages for Business. The user decides if and when to share personal identifying information with the business, and the Apple Messages for Business service never stores conversation history.
Apple Messages for Business supports Managed Apple Accounts from Apple Business Manager and determines whether they are turned on for iMessage and FaceTime in Apple School Manager.
Messages sent to the business are encrypted between the user’s device and Apple’s messaging servers, using the same security and Apple messaging servers as iMessage. Apple messaging servers decrypt these messages in RAM and relay them to the business over an encrypted link using TLS 1.2. Messages are never stored in unencrypted form while transiting through the Apple Messages for Business service. Businesses’ replies are also sent using TLS 1.2 to the Apple messaging servers, where they are encrypted using the unique public keys of each recipient device.
If user devices are online, the message is delivered immediately and isn’t cached on the Apple messaging servers. If a user’s device isn’t online, the encrypted message is cached for up to 30 days to enable the user to receive it when the device is back online. As soon as the device is back online, the message is delivered and deleted from cache. After 30 days, an undelivered cached message expires and is permanently deleted.