If you really believe that China doesn't have a deal with Apple that nerfs this in China, I have a bridge to sell you.
China, a country which mandates spyware be installed on phones. Which uses deep packet inspection to block access to foreign websites, that bans VPNs in app stores. China, a country which forces the population of Xinjiang to install Jingwang (https://en.wikipedia.org/wiki/Jingwang_Weishi), a spyware app so they can grab your on-device files. Which has deployed facial recognition cameras in many cities. Which blocked access to Wikipedi because it switched to HTTPS.
That China, you think, is going to allow all of that to be circumvented just by buying an iPhone? Right. Chinese Government: "You're not allowed to use VPNs. But if you're in Xinjiang, and you need privacy, we recommend buying an iPhone, since it doesn't work with Jingwang, nor deep packet inspection. Just tell the police you have an iPhone, and we'll wave the usual regulations we impose on Android devices."
Last time I was in Xinjiang, people there had iPhones. No one believes iMessage would be snoop proof.
It doesn't matter what you believe because Apple said that was the case in court filings during the FBI legal fight. Tim Cook reaffirmed that in an interview with Vice last fall.
What Apple says about what they do in the US, and what they do in China, are two different things. And what Tim Cook reaffirmed is irrelevant, what matters is how the iMessage protocol works.
As far as I can tell, the way iMessage works according to Apple's documentation, is that endpoints generate 1280-bit RSA encryption keys, hold the private keys on the device, but publish the public keys to a centralized IDS Directory Server. Note that their published security documents curiously don't say anything about man-in-the-middle mitigation, and indeed, MITM attacks against iMessage on IOS9 were publicly documented.
Now, what do you know about where the IDS servers are located in China, and who controls them? Because if Apple doesn't control them, and control them in a way that makes them impossible to spoof, then it is easy for the Chinese government to attack iMessage.
Thus, Tim Cook could say "We haven't put any backdoors into iMessage for the Chinese government and it is end to end encrypted" and it would be a true statement, but also Apple engineers could know full well the IDS in China could be subject to a MITM.
A plausible way this could happen, after Apple moved the iCloud keys to China, is that the Chinese government could request to intercept communications from a particular user, and the public keys of every recipient that user communicates with could be replaced with a MITM key so they can rely the messages and see the unencrypted content.
We don't know, but what we do know is that iMessage has been attacked with MITM before, and we know the PRC isn't going to let unbreakable encryption be sold to Uighurs in Xinjiang. It defies logic.
The article refers to icloud encryption keys, not imessage keys.
If imessages are backed up to icloud, then the govt will have keys to see them. But if a user doesn't back up, I was under the impression not even apple could decrypt iMessages.
iMessage (public) keys are "backed up" to IDS directory services. This is how Apple devices do key-exchange with one another. If there is no man-in-the-middle mitigation for IDS, then all the Chinese government needs to do is return spoofed keys for anyone you're communicating with. Remember, when you send messages to other people, you encrypt with THEIR key, not yours (on device). Your key is used for signatures and decrypting messages sent to you by them. THEIR Key comes from the cloud, and thus subject to attack if key exchange wasn't secure.
