Apple's iMessage is getting a security feature straight out of a spy movie

Discussion in 'all things Mac' started by Rasheed187, Dec 17, 2022.

  1. Rasheed187

    Rasheed187 Registered Member

    Too bad they don't explain how they will detect that people are spying on you.

    https://www.androidauthority.com/imessage-contact-key-verification-3248853/
     
    Last edited: Dec 19, 2022
  2. longshots

    longshots Registered Member

    Nor do they explain how they can eavesdrop on encrypted iMessage conversations.
     
  3. reasonablePrivacy

    reasonablePrivacy Registered Member

    Probably somehow "convince" the client to use keys of another user account.
    It probably all comes down to how convenient key exchange works under the hood. I mean, there is a reason why PGP/GnuPG users used to organize key signing parties.
     
  4. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Lol, what a sensational headline, it's probably just the same as what Signal and other E2E encrypted messengers had from the beginning :argh:

    Indeed, PGP/GnuPG hasn't been exactly widely adopted because you have to exchange keys manually. So, with most E2E encrypted messengers, the server exchanges the keys for you. Otherwise the usability would be bad. That also means that instead of getting the public key of the one you want to message, you could get the public key of Apple / someone who hacked the server / law enforcement etc. So you're sending your messages encrypted to them, they decrypt them, and send them again encrypted to the recipient.
    So what you need is a way to verify the public key (through shortened fingerprint, QR code etc) to be sure you're actually communicating with the one you intend to. And an alert when that public key changes later on, so you can verify it again in case it is because someone is eavesdropping instead of the recipient switching to a new phone or something like that.
    Which is what Signal and others have been doing from the beginning. It is even possible in WhatsApp (though notifications about changing keys are opt-in there, and you can't 'mark' a contact as verified so you know which ones are verified, but it is possible to verify a fingerprint/QR code).
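
The verify-then-alert-on-key-change flow described in the post above, as an added example that is not part of the original thread and not the actual implementation of Signal, WhatsApp or iMessage. The `ContactKeyStore` class, the fingerprint format and the sample keys are assumptions constructed for illustration.

```python
import hashlib
import hmac

def fingerprint(public_key: bytes, groups: int = 8) -> str:
    """Short human-comparable fingerprint: truncated SHA-256 in 4-hex-digit groups."""
    digest = hashlib.sha256(public_key).hexdigest()
    return " ".join(digest[i:i + 4] for i in range(0, groups * 4, 4))

class ContactKeyStore:
    """Pins the key first seen for each contact and tracks manual verification."""

    def __init__(self):
        self._pins = {}  # contact -> {"key": bytes, "verified": bool}

    def observe(self, contact: str, served_key: bytes) -> str:
        """Process a key handed out by the server and return the resulting state."""
        pin = self._pins.get(contact)
        if pin is None:
            self._pins[contact] = {"key": served_key, "verified": False}
            return "new-unverified"
        if hmac.compare_digest(pin["key"], served_key):
            return "verified" if pin["verified"] else "unverified"
        # Key changed: a new phone or a substituted key. Drop the verified mark
        # so the user is alerted and has to compare fingerprints again.
        self._pins[contact] = {"key": served_key, "verified": False}
        return "key-changed"

    def verify(self, contact: str, fingerprint_from_contact: str) -> bool:
        """Compare with a fingerprint obtained out of band (in person, QR code)."""
        pin = self._pins[contact]
        pin["verified"] = hmac.compare_digest(
            fingerprint(pin["key"]), fingerprint_from_contact)
        return pin["verified"]

# Constructed sample keys (placeholder bytes, not real key material).
BOB_KEY = bytes.fromhex("11" * 32)
SUBSTITUTED_KEY = bytes.fromhex("22" * 32)

def demo():
    store = ContactKeyStore()
    states = [store.observe("bob", BOB_KEY)]           # first contact, key pinned
    store.verify("bob", fingerprint(BOB_KEY))          # Bob shows his fingerprint
    states.append(store.observe("bob", BOB_KEY))       # same key, stays verified
    states.append(store.observe("bob", SUBSTITUTED_KEY))       # server swaps key
    states.append(store.verify("bob", fingerprint(BOB_KEY)))   # re-check fails
    return states

if __name__ == "__main__":
    print(demo())
```

Pinning alone does not help if the substituted key is served on first contact, which is why the out-of-band fingerprint comparison is the step that actually establishes trust.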
     
  5. Rasheed187

    Rasheed187 Registered Member

    I assumed this was done by exploiting the iMessage app. But this would mean that Apple's iOS is now capable of detecting such exploits.
     