Passkey Privacy Issues

&gt; My question is, why does Apple have all of this personal, private information, stored in plain text?<p>iCloud backups are usually encrypted (by default with a key Apple possesses). It&#x27;s possible Apple stores this data in a database, though; as far as I can tell, it&#x27;s a list of devices authenticated to your Apple account. The name and model of the device are probably there so you can easily manage them from a list of stored passkeys somewhere, as the only identifiers that need to be stored are the key ID and the public key which you probably wouldn&#x27;t recognise if you tried to check your security settings.<p>&gt; Is that how passkeys always work?<p>No.<p>Bluetooth passkeys generally work via CTAP2 with the key information encrypted on-device (though this does leak your BT MAC address to your immediate surroundings and leaves a pairing record on your computer, obviously), USB passkeys work by storing a key and signatures on the USB device itself, and every software-defined passkey implementation I&#x27;ve seen uses end-to-end-encryption for exchanging keys.<p>&gt; Does every website where you login with a passkey get your device model, name, UDID, and last 4 characters of your device serial number?<p>No. Most of this information seems to be collected specifically for Apple&#x27;s iCloud passkey sync mechanism. Passkey authentication should export a unique key ID per website&#x2F;session, a public key signature for verifying authentication, and optionally a vendor ID for the &quot;only permit certain types of passkeys&quot; restrictions (though those should not be used for almost anything).<p>&gt; I have no idea. I don&#x27;t know how passkeys are implemented. But it&#x27;s something we ought to know, something that passkey vendors ought to tell us. The privacy implications of widely distributing that information are disturbing. Downloading my data from Apple has brought more questions than answers.<p>If you hook a device up to a cloud account, you should expect the identifiers for that device to come with it. This is done at the very least to enable their theft protection system.

Apple only offers the cloud-synced variant of passkeys anymore (they used to support device-local ones that additionally supported device attestation, but these were deprecated in favor of the iCloud variant).<p>It would probably not be infeasible to end-to-end encrypt the metadata, in any case (the private key already is) – not sure why Apple isn’t already doing that.

&gt;&quot;What happens on your iPhone stays on your iPhone&quot; appears to be a blatant lie<p>To be fair, that is true for all Smart Phones. You should never use your Smart Phone for anything you want to keep private. It is just marketing speak IMO, privacy means it is private from your family and friends, not corporations.<p>Using OS&#x27;s like GNU&#x2F;Linux or a BSD, you have a chance of keeping things private because you control the encryption. On phones, someone else owns encryption.