> I'm sorry, a messaging app that in its most common configuration has its encryption keys stored on its developer's servers in a way that allows them to decrypt messages at will cannot be reasonably called e2ee.

It's extremely common for Apple services to be encrypted in transit and on Apple's servers by default, and additionally also at rest when you opt into ADP (which is how you say "I want E2EE and understand the ramifications of that" in the Apple Cinematic Universe).¹ As you noted, for the average consumer, ADP² is overkill and therefore a terrible default.³

¹ https://support.apple.com/en-us/102651 ² https://support.apple.com/guide/security/advanced-data-prote... ³ https://news.ycombinator.com/item?id=43934995

Those other Apple services are not marketed over and over with the promise of end-to-end encryption. It's a major selling point of iMessage and it is a false promise when Apple deliberately collects the keys to the majority of iMessage traffic and routinely decrypts user messages (for law enforcement, we know for sure, and we can't exclude the possibility that they do it for other purposes).

ADP doesn't need to be default for iMessage to be e2ee. Keychain passwords are e2ee without ADP. So is health data. Even Memoji are e2ee in backups! And I believe they can be restored even if you lose all your devices, using the same technique Google uses in their system. Apple could literally turn it on for iMessage tomorrow using the same infrastructure. Every day they are deliberately choosing not to.