Apple dropped plan for encrypting backups after FBI complained

Wonder if this will help to kill a meme, about how much Apple cares about users and what great values they have, how they&#x27;re going to stand for the user, fight with governments, etc.<p>While iPhone itself is pretty secure as a device phone (and Apple makes sure to remind you about that in each ad, public speaking, attacks on competitors, etc), as an ecosystem it&#x27;s not secure. And it&#x27;s like that on purpose - there&#x27;s no good and easy option to backup your phone other than iCloud.<p>You have to be a tech person to know how to keep an iPhone secure. Average Joe buys iPhone and pays for iCloud. They Apple first $1k to get (on top of other things) a secure device, and then they Apple monthly fee to give Apple all their data and make insecure. Pretty genius business strategy.

What the... I was under the impression that iCloud backups are end-to-end encrypted. This is a HUGE problem.

Apple has a list for that: <a href="https:&#x2F;&#x2F;support.apple.com&#x2F;en-us&#x2F;HT202303" rel="nofollow">https:&#x2F;&#x2F;support.apple.com&#x2F;en-us&#x2F;HT202303</a><p>These are end to end:<p>Home data<p>Health data (requires iOS 12 or later)<p>iCloud Keychain (includes all of your saved accounts and passwords)<p>Payment information<p>QuickType Keyboard learned vocabulary (requires iOS 11 or later)<p>Screen Time<p>Siri information<p>Wi-Fi passwords<p>The messages also end to end but the backup contains the private key.<p>The moral of the story is that if you want real protection, do local backups.

Reminds me of WhatsApp claiming it had encryption everywhere and then this [0] dropped. Except, in this case, I&#x27;m actually surprised. Didn&#x27;t Apple publicly claim that it wouldn&#x27;t bow down to any demands from the agencies?<p>[0]: <a href="https:&#x2F;&#x2F;www.theinquirer.net&#x2F;inquirer&#x2F;news&#x2F;3061660&#x2F;whatsapp-is-storing-unencrypted-backup-data-on-google-drive" rel="nofollow">https:&#x2F;&#x2F;www.theinquirer.net&#x2F;inquirer&#x2F;news&#x2F;3061660&#x2F;whatsapp-i...</a>

Easy fix: back up your iPhone locally on your computer instead of using iCloud: <a href="https:&#x2F;&#x2F;support.apple.com&#x2F;en-us&#x2F;HT203977#computer" rel="nofollow">https:&#x2F;&#x2F;support.apple.com&#x2F;en-us&#x2F;HT203977#computer</a><p>The ambiguous position on true end-to-end encryption shows once again that Apple is in for the marketing (both to consumers—predatory and dangerous, and to engineering talent—dishonest). Same hypocrisy as on the China issue. Not that there is an easy solution when you are one of the biggest companies on the planet and that shareholders essentially expect you to grow forever while playing nice with everyone.

The iCloud security overview [1] says iCloud backups are encrypted &quot;in transit&quot; and &quot;on server&quot;, but indeed doesn&#x27;t say much about the encryption keys. There is &quot;end-to-end encryption&quot; on just a few items (iCloud keychain, WiFi passwords, etc.)<p>1. <a href="https:&#x2F;&#x2F;support.apple.com&#x2F;en-us&#x2F;HT202303" rel="nofollow">https:&#x2F;&#x2F;support.apple.com&#x2F;en-us&#x2F;HT202303</a>

I will not be surprised if further reporting points a finger at the influence of China as well.<p>Apple already conceded to hosting Chinese iCloud data on Chinese servers, and that news came out about 2 years ago... which is also the timeframe reported for this decision to forego end-to-end encryption of iCloud backups.<p>I&#x27;m guessing here, but I think it&#x27;s safe to assume that China was not going to permit such encryption (for the same reason they insist on hosting the data) and thus to provide it for the U.S., Apple would have had to fork iCloud. Add in the political risk in the U.S. and you have a recipe for &quot;maybe not.&quot;

For comparison, Google end-to-end encrypts Android backups with your lock screen PIN&#x2F;pattern (which isn&#x27;t known to Google).<p>Source - <a href="https:&#x2F;&#x2F;security.googleblog.com&#x2F;2018&#x2F;10&#x2F;google-and-android-have-your-back-by.html" rel="nofollow">https:&#x2F;&#x2F;security.googleblog.com&#x2F;2018&#x2F;10&#x2F;google-and-android-h...</a>

Between things like this, and the shenanigans Google pulls (with Android, the store, developers, and other things), I&#x27;m quickly going in a different direction.<p>My ultimate plan is to build my own phone; yes, I&#x27;ll still be stuck with a carrier (I use t-mobile, and I haven&#x27;t had a problem with them over 10+ years I&#x27;ve used them), and the hardware won&#x27;t be completely &quot;open source&quot;, but the software and OS will at least be what I make of it myself.<p>In the meantime, I&#x27;ll be playing with one of the Pine64 phones; hopefully it will give me most if not all of everything I want and need, and maybe I can help with bug testing or perhaps software development? At any rate, it won&#x27;t be Apple or Google.<p>There are times that I have when I sometimes think to myself that going back to simple email on a text screen, and not much else, would be a better thing than what the web has become. Maybe go back to BBS&#x27;s over ssh or something? &quot;Dial In&quot; using my TRS-80 Model 100 &quot;laptop&quot; and move out to the boonies...

But it is nice that you have the option to <i>not</i> backup with iCloud. They are not storing the information whether you like it or not as a lot of companies do.

Beyond HN and tech circles, is there any detectable groundswell of demand for privacy? When you talk with friends &amp; family about privacy, does anyone care?<p>When average people care about privacy, the large players will respond. Until then, pressure from the state can be accommodated without irking customers, so Big Tech will play along.

<i>It turns over data more often in response to secret U.S. intelligence court directives, which sought content from more than 18,000 accounts in the first half of 2019, the most recently reported six-month period. </i><p>When you think about it, that volume is staggering. 36,000 iDevice-using intelligence targets every year? Imagine the amount of analyst time required just to go through 36,000 iCloud backups every year!

This is also why you should never use cloud backups for iMessage or WhatsApp.

I don&#x27;t think we understand yet how to model the impacts of breaches on products.<p>Cambridge Analytica didn&#x27;t ruin facebook, but it did enable CCPA, and it probably changed how FB users think of &#x2F; trust the product. Ashley Madison &#x2F; equifax breaches completely ruined their cos.<p>Snowden disclosures were a weird middle case that meant all things to all people.<p>Weakening aapl&#x27;s privacy claims may not matter to a post-truth public but I suspect it will further drive demand for actual consumer privacy products, when and if they enter the market.

As a big fan of the Mac and iPhone this is incredibly disappointing. I always assumed the privacy situation with Apple was candy-coated but I didn&#x27;t think they were this spineless.

I don&#x27;t think Apple ever claimed iCloud backups are end-to-end encrypted (it is encrypted at rest, but not end-to-end).<p>But I can see how many users would assume that, given Apple&#x27;s dishonest&#x2F;brash marketing about how &quot;what happens on your iPhone stays on your iPhone&quot;.

Even if you want nothing to do with iCould, you must still enable it for these features:<p>- Mac-to-Mac copy&#x2F;paste (shared clipboard, continuity) - iPad sidecar<p>Once you enable it, it immediately begins uploading your contacts, photos and passwords to Apple. Then you need to disable those specific things. Even after you delete those things, every app on your phone can silently and without your explicit permission, start loading data into iCloud.

I wish Data Protection (<a href="https:&#x2F;&#x2F;developer.apple.com&#x2F;documentation&#x2F;uikit&#x2F;protecting_the_user_s_privacy&#x2F;encrypting_your_app_s_files" rel="nofollow">https:&#x2F;&#x2F;developer.apple.com&#x2F;documentation&#x2F;uikit&#x2F;protecting_t...</a>) would allow app developers to use a locally-derived key to secure app data.<p>Then, even in iCloud Backups, you&#x27;d still not have the key to decrypt specific app data without having unlocked the device.<p>I realize you could do this right now (in theory) with your own encryption solution and Keychain, but a first party solution that&#x27;s as easy use as the Data Protection features&#x2F;apis would be really nice.<p>Apple has plenty of data that I wish was E2E encrypted, but if many&#x2F;most of my 3rd party apps had their own data locked, that would go a long way in the right direction.

I believe this has been the case for sometime hasn’t it? I vaguely remember reporting indicating this was true during the San Bernardino case and that Apple handed over that backup. Either way I do remember reading the Apple law enforcement guidelines a year or two ago and this was the case. iCloud data is not secure from law enforcement.<p>My project list has implementing a WiFi backup Windows&#x2F;iTunes VM for this specific case. Does anyone know how iOS backups will be handled on personal PCs once iTunes is discontinued?

Just to be clear, if you do local backups to iTunes, you can encrypt those backups with a key you control

PSA: libimobiledevice exists and supports native encrypted backup&#x2F;restores for iPhones using the idevicebackup2 utility. You can also disable iCloud backups from there for fun.<p><a href="https:&#x2F;&#x2F;www.libimobiledevice.org&#x2F;" rel="nofollow">https:&#x2F;&#x2F;www.libimobiledevice.org&#x2F;</a><p>Not excusing Apple. This is a disgrace, first in China now here.

Apple is not 100% secured against SIM swapping. There’s an option to have an SMS sent with your 2FA code as another option. I know because I’ve done this before and was wondering when Apple would let you use a hardware token or virtual MFA as an option like in my Google account.

I&#x27;ve seen the list that Apple provides on their web site that lists the things that are end to end encrypted, but what about &quot;Locked&quot; Notes?<p>My understanding is that encryption is happening on the client-side and that you need to enter your password to unlock.

Are the iMessages in an iCloud backup encrypted or not? As of now. It seems actually unclear.

End-to-end backup encryption is hard. Apple had faced criticism from cryptographers for failing to implement it.<p><a href="https:&#x2F;&#x2F;blog.cryptographyengineering.com&#x2F;2012&#x2F;04&#x2F;05&#x2F;icloud-who-holds-key&#x2F;" rel="nofollow">https:&#x2F;&#x2F;blog.cryptographyengineering.com&#x2F;2012&#x2F;04&#x2F;05&#x2F;icloud-w...</a><p>The fact that they started working on the problem then abandoned it after the FBI complained is disappointing, especially to Apple consumers. But all it means is the status quo marches on.<p>Headlines like this vindicate my decision to never purchase an Apple product.

Unpopular opinion:<p>We users are better off if Apple is &quot;compromising&quot; on something like this at the stage we&#x27;re in now - especially since nobody forces you to use iCloud Backups - than we&#x27;ll be when&#x2F;if the US gov makes Apple an offer it can&#x27;t refuse and forces a real backdoor master-key on the whole system top to bottom.<p>Assumption: That not going full encrypted backups will prevent the government from having the political capital to enact a &quot;crackdown&quot; forcing a backdoor on the devices, iMessage, etc.

Another case of a headline not being supported by the story:<p>“ Reuters could not determine why exactly Apple dropped the plan.<p>“Legal killed it, for reasons you can imagine,” another former Apple employee said he was told, without any specific mention of why the plan was dropped or if the FBI was a factor in the decision.”<p>And further on: “ However, a former Apple employee said it was possible the encryption project was dropped for other reasons, such as concern that more customers would find themselves locked out of their data more often.”<p>So 4 of the 6 sources were speculating (FBI), and one actively admits they don’t know the reason, but the lede says 6 sources confirmed this. Hmmm...

So what about all the privacy billboards, &#x27;What happens on your phone stays on your phone?&#x27;. New version: &#x27;What happens on your phone stays on your phone and unencrypted on the cloud&#x27;.

A completely e2e encrypted backup system would have to include photos (current iPhone backups do not). But true encryption means that when customers forget their passwords, they lose their data.<p>Already, people who don&#x27;t use iCloud Photo Library and lose their phones, or forget their passwords, lose the photos that were on the phones.<p>Anyway, I think the customer experience issues weigh pretty heavily here.

Shame on the FBI. Unfortunately the average Apple user won&#x27;t understand or care about the implications. This is why I don&#x27;t use ICloud or any cloud products. Apple are not nearly as bad as Google though.<p>I stopped using GDrive about a year ago and I aim to be Google-free for 2020. I don&#x27;t use Gmail for anything important any more.

Is anyone surprised by this?<p>It could be for many reasons too, including average people forgetting iCloud passwords and wanting their data back. Does Apple unlock an iCloud backup in that situation?<p>Perhaps a pro-privacy compromise would be for Apple to offer the feature but have it turned off by default, which means 99.99% of users won&#x27;t ever change that.

The small bit of iCloud E2EE which Apple allows (for health data, passwords and Mac-to-Mac clipboard sharing) is using your iPhone&#x27;s 6-digit passcode and your Mac&#x27;s admin password.<p>That means that Apple can also now perform an offline brute-force attack against your file vault password.<p>This makes even your offline devices less secure.

Apple should allow third-party backup solutions. Backblaze is the option I would use if I had the choice, because they already support end-to-end encryption (end-to-end does have a downside: losing the encryption password means losing the data. Most people would make this tradeoff, but many HN readers would).

When will a startup enter into this space with a privacy focused smartphone? Does this already exist, and is it good? If not, why all the complaints and why hasn&#x27;t someone entered the market? Obviously startup costs will be high, but there will certainly be funding available for this market, right?

Is there a good design that lets someone forget their password and restore their backup (without a recovery key somewhere, like on an old device?)<p>If you forget a local iTunes backup password, there is no way to fix it.

What level decision this is?<p>a) Is this just tactical move? Apple might choose to delay it&#x27;s plans In effort to avoid confronting the current administration and wait for more reasonable one.<p>b) Is this permanent change of strategy? Giving up.

Two things:<p>1) There is no way Apple would be allowed to sell iPhones in China, without China government having access to anything. So, I assume that Apple users in China have e2e encrypted exactly nothing.<p>2) I have a strong suspicion that those &#x27;enter your Apple ID password because your account needs it&#x27; message really means &#x27;a government has requested your data and even though it&#x27;s encrypted, we will nag you about entering a password, and if you give it, you&#x27;re a free game&#x27;.<p>I don&#x27;t blame Apple for this, I&#x27;m sure they&#x27;re doing what they can, but when a government says &#x27;give us this data&#x27;, they can&#x27;t not comply and stay in business. And a whole point of a company is staying in the business.<p>Vote responsibly - companies can&#x27;t protect us from a government we have put into power.

Well, that&#x27;s one way to force Apple to reverse a stupid decision. Looking forward to backups encrypted so well Christopher Wray would have a nervous breakdown, in the next iOS update.

Apple has done a great job convincing otherwise &quot;progressive&quot; people that one of the world&#x27;s richest companies is the underdog who&#x27;s fighting for <i>you</i>!

Time to disable iCloud backup and cancel my iCloud subscription.

To be fair to Apple, if you believe Apples privacy policy, being able to access it, theyliky won’t access it and sell your data to advertising Agencies.

Apple has an opportunity to stand separate as a leader in user privacy first. But to do so means constantly standing up to government(s).

I was moments away from ordering a mac book 16&quot; when this got published. Waiting for the new xps 13 development edition now.

Dell, which started as a military supplier, encrypts their cloud storage to avoid liability.<p>I wonder what Apple is liable for in light of this.

Might be a good reason to look into storage as an appliance. Personal NAS&#x27; (Synology, QNAP) are quite serviceable.

Well the Fappening can disgrace and expose millions of people to extortion etc.<p>But the FBI can see everything so thats okay.

394 comments based on a rumor from an anonymous employee? Is this what HN considers &quot;news&quot;?

So what if the FBI complains? If anything, that&#x27;s a sign they&#x27;re doing things correctly.

Just back up on your pc and select encrypt and not use iCloud, but that is a huge hassle

Some companies are better than others but there&#x27;s absolutely no reason to believe any one of them would ever be on &quot;your side&quot; for any reason. You can vote for who makes decisions in government, but you can&#x27;t vote for who makes decisions in companies.

So now that iTunes is gone, how does one do a local iPhone backup?

If this is true it is incredibly disapppointing.

Great. More identity theft for the masses!

Data shouldn&#x27;t be end-to-end encrypted. It should just be end-to-server encrypted, without the server having an ability to decrypt your data.

oh I&#x27;m deeply disapointed. I payed so much premium for quality and privacy and this is my outcome.

Does anyone who knows anything about Apple think they would approach the FBI before creating a new feature?

I&#x27;m so done with Apple, but more generally, with cell-phones. I was very excited to have Signal available back in 2015, but when I learned about cellular baseband processors and DMA attacks, I realized the whole smartphone stack is insecure. We can&#x27;t audit anything in our phones, down to the cellular chip.<p>Even if our phones were 100% trustworthy, they are triangulated by cell towers thousands of times per day. Location tracking can only be avoided by:<p>1: Not owning a phone.<p>2: Powering off your device and keeping in a Faraday cage while not using.<p>Tempting to own a cute little purse that blocks phone signals, but do I really need a cell-phone on my body, 24&#x2F;7?<p>If I evaluate the overall pros &amp; cons of my cellphone, it has been overwhelmingly negative. I&#x27;ve had a phone since August 2014, when I went to college. Before that, I would text with my parents&#x27; phones.<p>Here are the top negative things that have happened due to using a phone:<p>1. Miscommunication, isolation, social anxiety due to social media and texting. Talking in person is so much better. And what about the hours and hours of snapchatting, so pointless and sad looking back.<p>2. False sense of security, thinking you can know what&#x27;s going on, help people, intervene when necessary (friend sexual assault stuff at parties). What about when their phone dies? It made me wish we had landlines, or that I had been there. If I didn&#x27;t have a cell phone, I don&#x27;t think I would&#x27;ve left the party. I would&#x27;ve stayed and kept watch.<p>3. Poor posture, lack of sleep, constant exposure to blue light (who knows if the light is really bad), etc.<p>4. Missed connections by having my head in my phone all the time in public.<p>5. The US government has a total map of my life since August 2014, even though I have sent thousands of encrypted messages and hundreds of encrypted phone calls.<p>6. Less time available each day. I have spent typically 1-3 hours per day on my phone since I got one, about 1,980 days ago. This amounts to probably 4,000 to 6,000 hours, or about 170 to 250 days. In other words, about 1&#x2F;8th of my life since 2014 has been dedicated to bullshit technology.<p>Here are some positives:<p>1. I have lots of photos that would otherwise have required a camera. But I have dozens of film cameras and a few digital ones, and there&#x27;s no reason to shoot photos on such a tiny format. Good luck printing cell-photos beyond 5x7 or even 8x10.<p>2. I occasionally talk to family. This could be accomplished with a landline.<p>Maybe I&#x27;ve missed some things, and maybe I&#x27;m being pessimistic, but the reality is that I&#x27;ve lost lots of sleep and experienced more problems with interpersonal relationships as a result of having a phone. It&#x27;s likely that not owning a phone would expose me to a new class of problems, but I&#x27;ve decided to get rid of my phone.<p>I&#x27;m in the process of switching accounts and removing 2FA, so I don&#x27;t need cell service. Once I get there, I&#x27;m planning to write a little blog post about it. After having a baby, it&#x27;s become clear that a phone is sucking my life away, and I need to be present with my family. Hope to have this all dealt with in the next week or two.

&gt; aboyt how much Apple cares about users<p>No company cares about anything. A company is not a person.<p>Apple, because of its privacy-marketing, is incentivized to be the privacy player in the market. But only so far as consumers keep them honest about it.<p>They got away with this loophole because it stayed under the radar; if it gets enough attention and enough customers show that it matters to them, it could change.<p>On the other hand, it&#x27;s possible that because we have a smartphones duopoly, Apple only needs to maintain a position where people will say &quot;well at least it&#x27;s not as bad as Google&quot;. I&#x27;m upset about this personally, but I&#x27;m not ditching my iPhone. Of course, this does cement my decision to never pay for iCloud, for what that&#x27;s worth (much less, but not nothing).

&gt;there&#x27;s no good and easy option to backup your phone other than iCloud.<p>Turn off iCloud and do local encrypted backups to your PC or Mac.<p>This works over your wifi network (if you prefer wireless charging at home) or via a cable connection.

The ecosystem is incredibly insecure, despite what Apple&#x27;s marketing department wants you to think. More than anything I&#x27;m surprised at how often their advertising talking points are parroted in tech circles, like here on HN.. in any thread hinting at Google vs Apple you&#x27;re bound to find a long comment chain about how Apple is &quot;secure&quot; and &quot;privacy oriented&quot; and &quot;cares about their users&quot;. Not that Google is any better, but it makes me wonder whether it&#x27;s just astroturfing or if their marketing is actually working.

Which is exactly why I use Signal exclusively.

another reason to switch to android

Surprise! The &quot;we value your privacy&quot; statement is a lie, as with any other US company.

Privacy? Who needs it, amirite?<p>I mean, I&#x27;m not up to anything illegal, and I don&#x27;t actually care about people seeing my stuff, BUT... the concept as a whole of &quot;government should have access to everything all the time, regardless of reasoning&quot; does not sit well with me.

Is Apple’s privacy white paper dealing with fats on iCloud just an eyewash now?<p><i>&gt; Instead of protecting all of iCloud with end-to-end encryption, Apple has shifted to focus on protecting some of the most sensitive user information, such as saved passwords and health data.<p>&gt; But backed-up contact information and texts from iMessage, WhatsApp and other encrypted services remain available to Apple employees and authorities.</i><p>Way to confuse laypeople with promises of security and data privacy. If Apple had concerns about users losing the key, why not implement it similar to two factor authentication on Apple IDs where Apple also provides the recovery codes (and additionally disallow any other mechanism of recovery)?