iMazing 3

iMazing Security & Privacy

Security

At DigiDNA, we have the utmost respect for our users' data. We are a Switzerland-based and Swiss owned company active since 2008. Protecting our users' privacy has been an essential part of our core values since day one.


Important: beware of non-genuine distributions!
iMazing is a very popular application which is widely cracked and/or distributed by non-official download sites. We strongly encourage all our users to download iMazing from https://imazing.com/download, and to be vigilant of any signs of tampering.

macOS: please pay attention to warnings when first launching iMazing. Our official version is code-signed with an Apple issued certificate: Developer ID Application: DigiDNA SARL (J5PR93692Y). It is also notarized by Apple, which means that every single release is uploaded to Apple servers before release and automatically checked for malware.
Learn more about notarization.

Windows: please pay attention to warnings when first launching iMazing's installer. Our official version is code-signed with a DigiCert issued certificate: DigiDNA SARL.

If you are deploying iMazing in a security critical context, or if you have any doubt about the installer you downloaded, follow the instructions at the end of this page to verify iMazing's code signing.


Locally stored data

When you access your mobile device's data with iMazing, it remains under your control, on your computer or on the storage device of your choice.

None of your files are uploaded to any server or accessed in any way by DigiDNA.


No data sharing or monetization

The personal data that we do collect for license management purposes (email, activation status, licensed devices...) is never shared or sold to 3rd parties. By default, no device identifiers are uploaded to our servers – a unique, iMazing specific hardware ID is instead generated to better protect your privacy.

Strictly zero monetization of user data: our business model is simple and transparent. Free features really are free. Licensing fees account for 100% of our income.


Backup encryption encouraged

Most data stored on iOS devices can only be accessed via a full backup of the device (sometimes called iTunes backup). When iMazing first backs up your device, it will encourage you to enable Apple's backup encryption feature (AES-256), which ensures that your personal data is extra safe.

  • If you tick the Remember Password checkbox, your password will be securely stored in the macOS Keychain or in Windows Credentials.
  • When you browse backed up data in iMazing, decrypted files will be stored in a cache on your computer. This cache will be cleared automatically when you remove a device from iMazing, or manually via iMazing's Preferences window.


Secure connections, no jailbreak

iMazing can be used completely offline, with minimal impact on its capabilities. When it does initiate connections to remote servers, HTTPS is always favoured where available. The following article provides more detail: Which domains does iMazing connect to, and why?

In addition, USB and Wi-Fi connections between your computer and your iOS devices go through a dedicated Apple communications protocol which uses end-to-end encryption (SSL/TLS 1.2, 1.3). iMazing goes through the same communication channels used by iTunes and the Finder, and fully respects Apple security flows. Pairing between your Apple mobile devices and your Mac or PC computer is handled by an Apple security layer, not directly by iMazing.

Finally, iMazing does not modify or attempt to modify iOS itself. It does not jailbreak Apple mobile devices, nor does it require devices to be jailbroken. All data is accessed and backed up via legitimate communication channels which do not compromise the security of your iOS devices.


Safe Apple ID login

When using iMazing's app management features, you may be asked to login to your Apple ID. This is required for iMazing to download apps which you have already legitimately acquired on the App Store or to download photos and videos from iCloud.

  • Your password never leaves your computer, and DigiDNA never has access to it.
  • 2 factor authentication is fully supported. We encourage you to enable it if you have not already.
  • If you tick the Remember Password checkbox, your password will be securely stored in the macOS Keychain or in Windows Credentials.


Verify iMazing's code signing

A different code-signing identity, certificate authority, thumbprint, or the absence of code-signing, indicate that you have downloaded a non-genuine version of iMazing which could be infected with malware. Please report any such finding immediately, mentioning the source of the application.

macOS

Both the DMG and the app itself are code signed with the same Apple issued certificate.

Issuer: Apple Root CA
Certificate: Developer ID Application: DigiDNA SARL (J5PR93692Y)
SHA-1 thumbprint: 7D 6C 95 C0 6A 2B 4B 6E 90 6D F6 04 0E 89 96 A9 82 9B 59 68

You can verify the certificate's thumbprint using codesign in the macOS terminal:

codesign -vv -R="certificate leaf=H\"7D6C95C06A2B4B6E906DF6040E8996A9829B5968\"" path-to-imazing-dmg-or-app

Windows

Both the installer and the app's executable are signed with the same DigiCert issued certificate.

Issuer: DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1
Certificate: DigiDNA SARL
SHA-1 thumbprint: 05 2E 0E D2 8C CB C7 E7 78 44 C6 66 D8 CC 27 A2 54 CC 8F 88

The thumbprint can be checked in the Properties panel of the Windows File Explorer:

  1. Right click iMazing's installer or executable and select Properties from the context menu
  2. Select the Digital Signatures tab
  3. Double click the first item in the list
  4. Click View Certificate
  5. Select the Details tab
  6. Find the Thumbprint field