Our good friend Rich Mogull talked to Apple’s engineering and security teams and came away with an excellent overview of how Apple has designed the security of iMessage. There’s a particular emphasis on how Apple handles when new devices are added to an existing account:
It turns out you can’t add devices to an iCloud account without triggering an alert because that analysis happens on your device, and doesn’t rely (totally) on a push notification from the server. Apple put the security logic in each device, even though the system still needs a central authority. Basically, they designed the system to not trust them.
Fascinating look into a system with really solid security that’s more or less invisible to the end user. The end result: it’s really hard for anybody—criminals or the government— to basically log a “phantom” device into your iMessage account and get copies of your messages.