Apple Is Finally Encrypting iCloud Backups

After way too many years, Apple is finally encrypting iCloud backups:

Based on a screenshot from Apple, these categories are covered when you flip on Advanced Data Protection: device backups, messages backups, iCloud Drive, Notes, Photos, Reminders, Safari bookmarks, Siri Shortcuts, Voice Memos, and Wallet Passes. Apple says the only “major” categories not covered by Advanced Data Protection are iCloud Mail, Contacts, and Calendar because “of the need to interoperate with the global email, contacts, and calendar systems,” according to its press release.

You can see the full list of data categories and what is protected under standard data protection, which is the default for your account, and Advanced Data Protection on Apple’s website.

With standard data protection, Apple holds the encryption keys for things that aren’t end-to-end encrypted, which means the company can help you recover that data if needed. Data that’s end-to-end encrypted can only be encrypted on “your trusted devices where you’re signed in with your Apple ID,” according to Apple, meaning that the company—or law enforcement or hackers—cannot access your data from Apple’s databases.

Note that this system doesn’t have the backdoor that was in Apple’s previous proposal, the one put there under the guise of detecting CSAM.

Apple says that it will roll out worldwide by the end of next year. I wonder how China will react to this.

Tags: , , ,

Posted on December 12, 2022 at 7:00 AM10 Comments

Comments

Q December 12, 2022 9:54 AM

The notion of having Apple store and be the gatekeeper for your data is where the real problem is.

The data is encrypted now, but it doesn’t solve the problem of being held hostage by Apple if you ever decide to ditch your iPhone.

Find a way to copy it off the Apple systems and keep all your data under your own control. Then it won’t matter if your iPhone shits itself, or Apple demands more money to continue to provide access, or any of many ways it can all go tits up and you lose access to everything.

TimH December 12, 2022 9:54 AM

It doesn’t seem that great to me. Firstly, Apple holds the keys for iCloud Mail, Contacts, Calendars which means that a Prism (Apple is a member – thanks, Snowden) sweep of idata will find people connections with that, and use that for a warrant.

The statement “The security of your data in iCloud starts with the security of your Apple ID. All new Apple IDs require two-factor authentication to help protect you from fraudulent attempts to gain access to your account.” has a weasel word. Access by goverments won’t be fraudulent, will it?

Lastly, the key for “Trusted devices” is in the device. But how easy is it to obtain by the 3rd party who has seized the device?

Gordon Shumway December 12, 2022 10:50 AM

Thanks, Bruce.

You’ve provided the exact context this needs… ‘finally’ (in italics).

Sadly something the sycophantic tech press seems incapable of doing. Apple’s cloud services never should have been launched without the option of zero-knowledge encryption. But, we live in a commercial world of features over function, as you’ve said many times.

Also, notice the services which are still not encrypted; contacts, icloud mail and calendar. Because, of course those aren’t important to keep private, right? Ugh.

I’m sure Apple doesn’t have the resources to implement those things in a private manner. Tim Cook needs his stock options after all.

Clive Robinson December 12, 2022 11:31 AM

@ Bruce, ALL,

“Note that this system doesn’t have the backdoor that was in Apple’s previous proposal, the one put there under the guise of detecting CSAM.”

If it’s not CSAM as an excuse it will be something else. Do people remember the nonsense excuse that the FBI-DoJ started their “We’ll smash Apple and every on will follow” court case? That turned into such a disaster for the FBI-DoJ psychos they had to pull the rip-cord and bail before an adverse decision was handed down by the Magistrate.

The FBI-DoJ nore many other “Might is Right” socio or psychopaths are not going to give up. If they can not squeeze what they want out of the Corps, or Courts, then they will blackmail the legislators, or worse.

But the real issue as I keep pointing out is not using encryption as such but where and how it is used.

There is no phone available to consumers and even proffessional organisations that is “Secure by Design”.

The reason as I keep saying is

“The lack of security through having the security end points not just in the wrong place but easily bypassable”.

This lack of hard segregation makes any on-board encryption circumventable and/or the encryption keys accessable/vulnerable from the “Over The Air”(OTA) interface.

The fact nobody including Apple want to address this issue, kind of makes this change by Apple both insufficient and effectively just PR.

Yes I know that sounds harsh, but there will be successful attacks on the iPhone probably within a year circumventing it. Such is the nature of the design failing.

Anon December 12, 2022 1:21 PM

I think it’s far too early to declare victory on this front.

They tell in their very own documentation that they’re using convergent encryption for deduplication purposes (although they only mention using the checksums – of plaintext), which has some interesting problems associated with it.

Other than user-generated files that are never shared, this still creates a backdoor that destroys privacy.

Ted December 12, 2022 6:29 PM

@Anon

It was really interesting to look over the iCloud data security overview.

So even with Advanced Data Protection enabled, Apple will still have access to a fair amount of iCloud metadata under the standard data protection scheme? I guess this will still be legally accessible?

Are you at all worried about local key storage under the Advanced Data Protection option? Do you think this will make endpoints more compelling targets? Also was it clear what might happen if someone loses their phone?

I wonder how many people will opt into Advanced Data Protection. I hope we get more analysis on all the real-world risks and benefits of that very wished for feature.

Stirred of Gin Defuschia December 12, 2022 6:40 PM

Hasn’t Apple iCloud Keychain been using this scheme for some years? Has it ever been breached?

Della Cole July 17, 2023 3:54 PM

Whether you’re a dedicated audiophile or an everyday music lover, finding the perfect pair of headphones can significantly impact how you enjoy your favorite tunes. One question that often arises is whether there are headphones specifically optimized for certain music genres.
why headphones are better than earbuds

Hal November 15, 2023 9:23 PM

TimH is right. The safest practice is to not backup, or backup as little as possible to iCloud. Do not backup other applications especially the encrypted apps you use (Signal or an encrypted email provider), or even browsers as it is easy enough to download new alternative browsers. Do not use the iCloud for storage; one one of the encrypted cloud services. Do not even have folders in Apple Mail on iCloud, instead have the folders only on your computer so they are not accessible in iCloud. Delete old phone backups and only store a current one and when you do another backup delete the last one. Remember the adage that deleted data cannot be stolen, or subpoenaed; thus, practice data hygiene in the cloud.

An iPhone can alternatively be backed up to a Mac’s iTunes and encrypted there, or apparently now in Finder without using iTunes (something that always seemed messy to me).

Leave a comment

Login

Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via https://michelf.ca/projects/php-markdown/extra/

Sidebar photo of Bruce Schneier by Joe MacInnis.