🥂More secure communications

I was reading about iMessage's forthcoming Contact Key Verification (CKV) available in developer previews of iOS 17.2, macOS 14.2, and watchOS 10.2. It's a new feature designed to verify that you're messaging with the person you intend in order to prevent sophisticated MITM attacks. It's similar in concept to existing features available on other messaging platforms.

• WhatsApp: Security code
• Signal: Safety number
• Telegram: Contact key
• Wickr Me: Key Verification

While the technical specs haven't been released the high-level overview explains the following features:

1. User-Controlled Verification: Instead of relying on third parties, user devices themselves check the authenticity and consistency of keys, enhancing security.
2. Enhanced Security: The system is designed to protect against both key directory compromise and compromise of the transparency service (which manages verification.)
3. Verifiable Data Structure: To protect the transparency service Apple uses CONIKS (a key management system for ensuring communication is genuine and untampered), that efficiently logs and confirms alterations so that it's auditable.
4. Publicly Available, Privacy-Preserving Logs: Users' iMessage identifiers are masked using cryptographic methods, aligning with privacy measures like WhatsApp's AKD.
5. Fast Updates: The verifiable map in the system efficiently handles cryptographic key alterations, generally merging any changes within minutes for consistent and secure communication.
6. Immediate Verification: The service introduces Signed Mutation Timestamps (SMTs), which are proofs that validate device keys on-the-spot, ensuring iMessage remains quick and user-friendly.

Apple announced they plan to release a complete technical walkthrough soon. I look forward to security experts' take on it when that happens. For now, it sounds like this new feature elevates the technical standard for verifying contacts while messaging with them.

Consumer-friendly execution of security features is often lacking. The manual verification flow still looks a bit too technical for mainstream adoption and I presume CKV will only be adopted by the most security conscious.

The introduction of enhanced security features like CKV could have compliance implications, particularly in countries like China where Apple is mandated to store user data on government-controlled servers. This additional layer of security could complicate efforts for state-initiated cyber attacks, or at least present a significant additional hurdle, to government surveillance. Assuming CKV can be enabled (and disabled) regionally, the feature could both improve user privacy and position Apple more favorably in terms of compliance with local privacy and cybersecurity regulations.

Considering that Apple Messages is often targeted in advanced cyber attacks, this new feature could act as a robust defense against complex exploits. iMessage, blue message bubble, is limited to Apple's ecosystem, while SMS, green message bubble, is accessible on any phone regardless of the OS. Presumably, CKV only protects iMessages and does not protect SMS messages. It wouldn't be surprising to me if Apple has a desire to further isolate SMS on Apple devices over time, and if this new iMessage feature in Apple Messages was designed to be a part of that strategy. That said, the rumours of the death of SMS have been greatly exaggerated!

Though Apple has often faced criticism for its service design, Apple Messages stands out as a highly reliable and popular platform. Although the current approach to CKV may not appear to cater to mainstream users, the possibility of broad adoption of platform-specific features that establish a competitive advantage raises concerns about their potential impact on different service providers. While this sounds like a total stretch today further siloing of SMS messages isn’t totally out of the question. For example, would you interact with SMS messages on your phone if you've been conditioned to view iMessages as more secure? Additionally, what guarantees, if any, will Apple provide for SMS delivery given that users might one day be able to disable delivery of any unverified messages?

1. SMS Gateway Providers: Indirect impact; a potential reduction in SMS usage might lead to financial losses.
2. SMS Marketing Platforms: Likely affected; the effectiveness of SMS marketing may decline.
3. Communications Platform as a Service (CPaaS): They stand to benefit if they can integrate quickly; otherwise, they risk financial losses from a reduction in delivery of messages.
4. Application-to-Person Providers (A2P): Potentially significant impact; these providers would need to adapt fast to reliably deliver messages (if possible.)

A growing number of services are beginning to use an open protocol called Matrix for decentralized, secure communications. It will likely take awhile to determine whether it's possible for third parties to support CKV. I filed a feature request for CKV in the Matrix iOS SDK issue tracker as a way to simply stay abreast.

The debut of Apple's CKV is a positive step for users who place a value on secure messaging. It's especially beneficial for those most vulnerable to sophisticated attacks and represents another major messaging provider pushing the industry toward stronger security standards.

Assuming the feature is opt-in, I don't expect significant adoption of CKV. However, I do foresee a steady shift towards Apple adding additional security and privacy features to iMessage. Given how much messaging in Apple Messages are iMessage’s this shift may begin to educate users about the security risks of SMS. I suspect that it will likely necessitate third-party service providers to adapt in order to continue delivering messages within Apple Messages. They may need to integrate new features, come to terms with reduced visibility in iMessage, and / or develop competitive alternatives to keep users motivated to use SMS.

While this feature doesn't appear to be directly targeting third party messaging services or SMS, it does appear to foreshadow yet another future challenge for companies like Twilio, and others specializing in long number SMS services and interoperability services. As the landscape for messaging platforms evolves, CKV appears to serve as both a technical innovation and a litmus test for Apple Messages commitment to prioritizing interoperability vs user security and privacy. This reminds me of how Apple launched location and advertising changes slowly and then fast. Although I have confidence that these features, along with the continued support for SMS, are designed to sidestep regulatory issues, I think it’s likely that Apple Messages will one day draw regulatory attention.