bigyabai parent
It's not extraordinary at all. Ron Wyden, a US Senator subject to special briefings, basically repeated the same thing when asked about federal backdoors:
https://arstechnica.com/tech-policy/2023/12/apple-admits-to-...
Push notifications for e2e messaging apps carry e2e encrypted payload, which can’t be decrypted unless Apple reads the private keys from those apps sandboxes…
In the case of iMessage/iCloud, it seems like that already happens: https://s3.documentcloud.org/documents/21114562/jan-2021-fbi...
That document appears to be over 4 years old, predating the availability of Apple's Advanced Data Protection system that claims to provide proper E2EE on most iCloud back-ups. The latter was controversially the subject of a specific legal attack by the British government using the Investigatory Powers Act resulting in Apple withdrawing the feature entirely from the UK market rather than compromise the security of their system - according to public reports anyway. Before ADP much of the data stored in iCloud backups was not fully end-to-end encrypted and Apple itself did not claim otherwise.
Those apps generally distribute keys, and E2E is if no help unless you validate those keys out of band. Do you, really?
Then there are all the ways, both white and varying shades of gray, of installing software in the end devices. That's your primary threat right there.