I agree with your comment, but just to point out something counterintuitive:
> privateer (NSO etc) threat actors,
E2EE is actually a boon to NSO and friends. It's how they get to deliver their exploits to targets without the service operator being able to inspect them or filter them, or retroactively analyze them to plug the exploits. NSO doesn't have any traffic inspection capability, so their antics rely entirely on exploiting target devices, and E2EE counterintuitively helps in that case.
If iMessage weren't E2EE it would be very easy for Apple to implement a heuristic to look for suspicious messages and keep a copy for further analysis, or automatically run them through their codebase in a sandbox and see if it results in any indicators of compromise. But they can't do any of that, and that's how NSO sometimes goes on for years exploiting the same iOS bugs before Apple figures them out. With E2EE, you have to rely entirely on endpoint security, and the provider can't help you server-side.
I think you're right, but I don't think it's due to some first principles contradiction between E2EE and exploits as much as it is largely a historical anomaly that customers have looked to service providers for security. The track record shows pretty clearly that the service provider's interest in customer security only goes as far as not to be reputationally damaging - we've seen plenty of communications companies actively helping authorities to spy on their own customers.
> If iMessage weren't E2EE it would be very easy for Apple to implement a heuristic to look for suspicious messages
Indeed, it would at the very least be easier, but let's assume Apple did have this capability. The first order of priority would be stopping spam, which is orders of magnitude more common and problematic than targeted exploits. Simply taking a look at the app store kind of shows their ambition level. At best, Apple is going to want to be "more secure than Android", but beyond that... it's simply not gonna be a priority (and Apple is even one of the better ones).
> NSO sometimes goes on for years exploiting the same iOS bugs before Apple figures them out
Yes, but I think this is temporary. Citizen Labs have been shortening this round trip time enormously simply by having analysis or software deployed on likely targets' devices. CrowdStrike and similar security companies operate on a similar model, acting as a counter-surveillance trusted third party. On medium-term time scales, I think such models are more ethical, have a superior incentive structure and, most importantly, will prove to be more effective than the usual half-assed service provider solutions. At least, I hope I'm right.