Apple can decrypt its iMessage system on government orders and read users' messages anytime they want, according to security researchers.
Penetration testing firm Quarkslab developer Cyril Cattiaux said that the iPhone maker's assertion in June that iMessages are encrypted end-to-end is a lie.
"As Apple claims, there is end-to-end encryption. The weakness is in the key infrastructure as it is controlled by Apple: they can change a key anytime they want, thus read the content of our iMessages," Cattiaux said.
"Also remember that the content of the message is one thing, but the metadata are also sensitive.
"And there, you rely on Apple to carry your messages, thus they have your metadata."
Researchers added that messages could not be read by hackers, as they require physical control of the device and the setting up of malicious software.
In reply, an Apple spokesman said that iMessage is not architected to allow Apple to read messages.
"The research discussed theoretical vulnerabilities that would require Apple to re-engineer the iMessage system to exploit it, and Apple has no plans or intentions to do so," he added.
Launched in 2011, Apple's iMessage system has a global user base of about 300m users.
Established in 1957, BCS, The Chartered Institute for IT, promotes wider social and economic progress through the advancement of information...