Apple Platform Security
-
Welcome
-
Introduction
-
-
Services security overview
-
-
Apple Pay overview
-
Apple Pay components
-
Secure Element and NFC controller
-
Payment authorization
-
Transaction-specific dynamic security code
-
Pay with credit and debit cards in stores
-
Pay with credit and debit cards within apps
-
Paying with credit and debit cards on the web
-
Contactless passes
-
Render cards unusable
-
Suspending, removing, and erasing cards
-
Apple Cash
-
Transit cards
-
Credit and debit cards for transit
-
Student ID cards
-
-
Business Chat
-
FaceTime
-
-
-
Developer Kits overview
-
-
HomeKit identity
-
Communication with HomeKit accessories
-
Local data storage
-
Data synchronization between devices and users
-
Home data and apps
-
HomeKit and Siri
-
HomeKit IP cameras
-
HomeKit routers
-
iCloud remote access for HomeKit accessories
-
HomeKit TV Remote accessories
-
Apple TV profiles for HomeKit homes
-
-
CloudKit
-
SiriKit
-
DriverKit
-
Camera and ARKit
-
-
-
Secure device management overview
-
Pairing model
-
Passcode and password settings management
-
Configuration enforcement
-
Mobile device management (MDM)
-
Automated Device Enrollment
-
Apple Configurator 2
-
Device supervision
-
Device restrictions
-
Activation Lock
-
Lost Mode, remote wipe, and remote lock
-
Screen Time
-
-
Glossary
-
Document Revision History
-
Copyright

iMessage overview
Apple iMessage is a messaging service for iOS and iPadOS devices, Apple Watch, and Mac computers. iMessage supports text and attachments such as photos, contacts, locations, links, and attachments directly on to a message, such as a thumb’s up icon. Messages appear on all of a user’s registered devices so that a conversation can be continued from any of the user’s devices. iMessage makes extensive use of the Apple Push Notification service (APNs). Apple doesn’t log the contents of messages or attachments, which are protected by end-to-end encryption so no one but the sender and receiver can access them. Apple can’t decrypt the data.
When a user turns on iMessage on a device, the device generates encryption and signing pairs of keys for use with the service. For encryption, there is an encryption RSA 1280-bit key as well as an encryption EC 256-bit key on the NIST P-256 curve. For signatures ECDSA 256-bit signing keys are used. The private keys are saved in the device’s Keychain and only available after first unlock. The public keys are sent to Apple Identity Service (IDS), where they are associated with the user’s phone number or email address, along with the device’s APNs address.
As users enable additional devices for use with iMessage, their encryption and signing public keys, APNs addresses, and associated phone numbers are added to the directory service. Users can also add more email addresses, which are verified by sending a confirmation link. Phone numbers are verified by the carrier network and SIM. With some networks, this requires using SMS (the user is presented with a confirmation dialog if the SMS is not zero rated). Phone number verification may be required for several system services in addition to iMessage, such as FaceTime and iCloud. All of the user’s registered devices display an alert message when a new device, phone number, or email address is added.