This is true. It's been proven to have happened in multiple court cases.
They can basically insert another "end" for the end to end encryption without any of the parties knowing.
You basically should never trust Apple / Google / Microsoft / Amazon / etc to handle your private information... ever. Use audited open-source messaging apps.
That article does not say what you claim it does. It’s about feds accessing imessage data via icloud backups, not by injecting keys to tap into conversations.
Using an “audited” app like signal on an iPhone still requires you to trust apple, because they could replace a library signal depends upon or they could just replace the whole app and you wouldn’t know. I also don’t know the extent to which we can verify that the app we get from the App Store is actually the audited version. I’ve always imagined signal could have secret code that gets included at compile time for certain platforms that could make it more vulnerable.
If we controlled all the code on our device and we could build the open source app ourselves that would go a long way. Otherwise you still have no choice but to trust your OS provider.
> You basically should never trust Apple / Google / Microsoft / Amazon / etc to handle your private information... ever. Use audited open-source messaging apps.
Nonsense. Understanding one’s own threat model is critical to deciding the acceptable amount of trust to place in these companies, but black and white thinking helps no one.
They can basically insert another "end" for the end to end encryption without any of the parties knowing.
You basically should never trust Apple / Google / Microsoft / Amazon / etc to handle your private information... ever. Use audited open-source messaging apps.