The encryption key for “Messages in iCloud” (a cross-device sync service) gets backed up in the iCloud Backup (which is, as discussed, not e2e and thus readable by Apple), however, backdooring the e2e nature of Messages in iCloud by escrowing the key to Apple in the backup.
If MIC is enabled, iCloud Backup backs up the key, breaking the e2e. If MIC is disabled, iCloud Backup backs up the plaintext message history, breaking the e2e. This is well documented in the Apple KB article 202303 on the topic.
> Messages in iCloud also uses end-to-end encryption. If you have iCloud Backup turned on, your backup includes a copy of the key protecting your Messages. This ensures you can recover your Messages if you lose access to iCloud Keychain and your trusted devices. When you turn off iCloud Backup, a new key is generated on your device to protect future messages and isn't stored by Apple.
It’s written in a misleading style, but if you read it carefully it is apparent what is happening.
Turning off iCloud Backup is insufficient, as each conversation is backed up twice: once from each side. Your conversation partners’ devices default iCloud Backup to on.
Apple has the ability to read almost every single iMessage sent or received, on a 12-24 hour lag (iCloud Backups happen overnight), from data already on their servers, without ever touching a customer phone. All of the encryption is a handwavey distraction.
