Didn't Apple debunk that debunking themselves in February, when they released the iOS Security doc? [1]
According to Apple, each device's private key is generated locally and never leaves the device, making it impossible to MITM your messages.
From page 20: "For each key pair, the private keys are saved in the device’s keychain and the public keys are sent to Apple’s directory service (IDS), where they are associated with the user’s phone number or email address, along with the device’s APNs address."
That doesn't make it impossible to MITM - Apple still controls the keyserver.
When I ask for nardi's public key, they can give me theirs, and I encrypt it with that key and send it. They use their private key to decrypt it, store it, and then encrypt it with your actual public key and forward it along, neither of us any the wiser.
If you don't have a SAS phrase or some other way to aurally verify the other party, you can never be secure against a MITM. Signal does this, while I doubt it's available in FaceTime audio.
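The check the comment above describes, as an added example that is not part of the thread and not Signal's or Apple's actual scheme: each side derives a short string from its own public key plus the key the directory handed it for the peer, and the two parties read the strings to each other. `Directory`, `fake_pub`, `sas` and `compare_call` are hypothetical names, and the keys are constructed 32-byte stand-ins rather than real key material.

```python
import hashlib


def fake_pub(label: str) -> bytes:
    """Constructed 32-byte stand-in for a public key (not a real key)."""
    return hashlib.sha256(label.encode()).digest()


def sas(own_pub: bytes, peer_pub_seen: bytes) -> str:
    """Short string to read aloud; covers the key pair this endpoint is using."""
    first, second = sorted([own_pub, peer_pub_seen])  # same order on both ends
    digest = hashlib.sha256(b"sas-demo-v1" + first + second).digest()
    n = int.from_bytes(digest[:8], "big") % 10**10
    return f"{n // 10**5:05d} {n % 10**5:05d}"


class Directory:
    """Hypothetical key directory mapping an identity to a public key."""

    def __init__(self, keys, substitute=None):
        self.keys = dict(keys)
        self.substitute = substitute  # key handed out in place of the real one

    def lookup(self, identity: str) -> bytes:
        if self.substitute is not None:
            return self.substitute
        return self.keys[identity]


def compare_call(directory: Directory, a: str, b: str, real: dict) -> tuple:
    """Return (SAS shown to a, SAS shown to b) for keys fetched via directory."""
    sas_a = sas(real[a], directory.lookup(b))
    sas_b = sas(real[b], directory.lookup(a))
    return sas_a, sas_b


REAL = {"alice": fake_pub("alice"), "bob": fake_pub("bob")}

if __name__ == "__main__":
    cases = [("honest", Directory(REAL)),
             ("substituting", Directory(REAL, substitute=fake_pub("relay")))]
    for name, directory in cases:
        sa, sb = compare_call(directory, "alice", "bob", REAL)
        print(f"{name:13} alice reads {sa} | bob reads {sb} | match={sa == sb}")
```

The strings match only when both endpoints hold each other's real keys, which is why the comparison has to happen over a channel the directory operator cannot rewrite, such as the voices on the call.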
> I'm sure there is no real end-to-end encryption.
"The audio/video contents of FaceTime calls are protected by end-to-end encryption, so no one but the sender and receiver can access them. Apple cannot decrypt the data."
You don't know what you don't know - or in other words, have you seen the latest research on iOS surveillance mechanisms? There could be other "undocumented" stuff that makes the encryption of FaceTime Audio irrelevant.
In the very same doc you quote, they also say of iMessage:
"Apple does not log messages or attachments, and their contents are protected by end-to-end encryption so no one but the sender and receiver can access them. Apple cannot decrypt the data."
"The audio/video contents of FaceTime calls are protected by end-to-end encryption, so no one but the sender and receiver can access them. Apple cannot decrypt the data." [1]