By John Gruber
Jaho Coffee Roaster:
Great coffee is a gift.
20% off with code: DF
iMessage’s Delivery Architecture Makes It Hard to Block Without Blocking All iOS Push Notifications
Tuesday, 9 December 2025
From Apple’s iMessage Security Overview:
Apple iMessage is a messaging service for iPhone, iPad, Mac, Apple Watch, and Apple Vision Pro. Relying on the Apple Push Notification service (APNs), iMessage lets users send texts and attachments like photos, contacts, locations, links, and emoji. Messages sync across all devices, enabling seamless conversations. Apple doesn’t store message content or attachments, which are all secured with end-to-end encryption so that no one but the sender and receiver can access them. Apple canʼt decrypt the data.
This thread on Mastodon, prompted by my wondering why Russia is blocking FaceTime but not iMessage, suggests that because iMessage messages are sent via APNs, a network (or entire nation) seeking to block iMessage can only do by blocking all push notifications for iOS. That’s why on airplanes with “free messaging” on in-flight Wi-Fi, you usually also get all incoming push notifications, even for services that aren’t available on the free Wi-Fi.
Here’s a support document from GFI Software, which makes network appliances for enterprises and schools:
The Exinda appliance gives administrators multiple options to stop or throttle applications that can use a lot of bandwidth in the network. An application that many would consider discardable or able to be easily limited in bandwidth is iMessage. When blocking or discarding iMessage traffic, users may experience an issue where all push notifications on iOS devices that have traffic going through the Exinda, i.e., on WiFi, will stop displaying.
Root Cause: Apple uses the Apple Push Notification Service (APNS) to allow application creators to push out information to iOS devices. This includes mail servers being able to push out notifications of calendar and email, or app creators to be able to push text-based messages straight to the device.
Apple might have architected iMessage this way to make iMessage veto-proof with cellular carriers, who, at the time of iMessage’s announcement in June 2011, were already promoting iPhone push notifications as a reason to upgrade from a dumb phone to an iPhone with a more expensive plan. The carriers might have been tempted to block iMessage over cell networks to keep people using SMS, but they couldn’t without blocking all push notifications, which wouldn’t be tenable. But this architecture also makes iMessage hard to block in authoritarian countries where iPhones are even vaguely popular. (Maybe this helps explain why iMessage isn’t blocked in China, too?)
Draw your own conclusions about cellular carriers and enterprise network administrators being similar to authoritarian governments.
| Previous: | Meta Says Fuck That Metaverse Shit |