Apple Updated Its Platform Security Guide

Howard Oakley:

Don’t be put off by its title: Apple Platform Security Guide is mandatory reading for all advanced Mac Users, and the only way we get to learn about important details of macOS, iCloud, and much else.

If you prefer this document with a little more gravitas, Apple also provides it in PDF format. Max Zinkus tweeted a thread of notable new sections and updates, like this one:

First interesting deletion in the Messages for Business Chat (those grey iMessage conversations with Apple or a supported business support text line).

May 21: “The Business Chat service never stores conversation history.”

And then May 22: *gone*

This is part of a broader question about whether Apple could switch any iMessage discussion to Messages for Business Chat, which has looser security and privacy standards than peer-to-peer iMessage.

iMessage itself retains a misleading description of its security architecture:

[…] Apple doesn’t log the contents of messages or attachments, which are protected by end-to-end encryption so no one but the sender and receiver can access them. Apple can’t decrypt the data.

This remains true of iMessage in isolation. But Apple’s law enforcement guidelines (PDF) continue to indicate iMessages may be provided by subpoena if iCloud Backups or Messages in the Cloud are enabled.