It's also important to realize that the backup includes your encrypted iMessage messages, *and* the key required to decrypt them. Meaning that if you have backups enabled, all the "end-to-end" encryption in iMessage is defeated. Apple and by extension the FBI can read your messages. This is documented by Apple here: https://support.apple.com/en-us/HT202303

Even if you disable backups, whenever you correspond with someone that has backups enabled those messages are still accessible to Apple.
Since user-encrypted iCloud backups would prevent password recovery to access your data, I'm more inclined to believe the decision was made out of convenience for the end user.

The general public would hate it when support won't help them recover family photos which are still stored in the cloud. Full encryption is nice to have, but the overwhelming majority of users won't get any tangible benefits from that.
It looks like the main "about backups" page [1] on Apple Support misleads about this issue:

> iCloud backups include nearly all data and settings stored on your device. iCloud backups don't include:

> Data that's already stored in iCloud... iMessages... Health data

Only the more technical "about encryption" page [2] that most users wouldn't seek out contains the full story, providing a list of regular encryption vs. E2EE services and admitting the key issue:

> Messages in iCloud also uses end-to-end encryption. If you have iCloud Backup turned on, your backup includes a copy of the key protecting your Messages. This ensures you can recover your Messages if you lose access to iCloud Keychain and your trusted devices. When you turn off iCloud Backup, a new key is generated on your device to protect future messages and isn't stored by Apple.

The problem is that the first page makes it sound like no iMessage-related data is backed up, when the truth is that the messages themselves aren't but a backdoor copy of the encryption key is, and lists it along with other E2EE services like Health data that do not have a key backed up and remain E2EE protected with iCloud backup. A user would have no reason to even seek out the second article to learn that it's not the same.

Concerningly, iCloud Photos are not E2EE at all. It's no more secure/private than Google Photos or any other app.

[1] https://support.apple.com/en-us/HT204136
[2] https://support.apple.com/en-us/HT202303
All the apologists worrying about users losing their keys are forgetting that even Google has enabled opt-in end-to-end encryption on Android: https://www.androidcentral.com/how-googles-backup-encryption-works-good-bad-and-ugly
I'm convinced this is also why, after 20+ years of knowing how to have an ID-authenticated/encrypted email system based on public keys, it's not been made the default in pretty much any of the mainstream email systems.

The excuses of it being unwieldy are 100% because it's not transparently integrated.
This is why I use local only backups but there’s been a number of times where iCloud backups will mysteriously re-enable and I have to go delete the backup and disable. Not a fan of that!
I've been posting that Reuters link repeatedly to HN (in context) for the last year or so; hopefully this is common enough knowledge now that I can stop.

This whole "Apple cares about your privacy and encrypts your data" false narrative really needs to finally end.
Theory: Apple has a deal with the government to not properly encrypt iCloud backups in exchange for the government not regulating them through antitrust.

This is pure speculation, but I wouldn't be surprised if this is why the government has been so lax on antitrust regulation with Big Tech.