>Conversations between users who have enabled iMessage Contact Key Verification receive automatic alerts if an exceptionally advanced adversary, such as a state-sponsored attacker, were ever to succeed breaching cloud servers and inserting their own device to eavesdrop on these encrypted communications.
Generally the biggest threat that end-to-end encryption (E2EE) addresses is the people that actually run the servers "inserting their own device to eavesdrop". So Apple in this instance. We would normally have to assume that Apple would do this on a request from state-level entities as part of the threat model.
Apple has to provide some sort of E2EE identity verification if they want to claim that they are providing E2EE messaging. I note that they have been making such a claim for some time now. After this, all that will remain is the issue of control of the software. We will still have to trust Apple to not subvert the clients in some way. So nothing has substantially changed yet.
From the little we know about the usability of this new feature I note that the warning about new/changed devices is in small grey text. So very easy to overlook. Hopefully Apple will provide enough context to allow the user to do something meaningful in response to such a warning.