iCloud Backups Not as Secure as iOS Devices to Make Restoring Data Easier

by

icloud_icon_blueApple's ongoing fight with the FBI over whether the company can be compelled to help the government unlock the iPhone 5c used by San Bernardino shooter Syed Farook has brought the full range of Apple's privacy policies into the spotlight.

The details surrounding the case have made it clear that while Apple is unable to access information on iOS devices, the same is not true of iCloud backups. Apple can decrypt an iCloud backup and provide the information to authorities when ordered to do so via a warrant, as it did in the San Bernardino case.

In a piece posted on The Verge entitled "The iCloud Loophole," Walt Mossberg takes a look at Apple's iCloud backups and explains the reason why iCloud data can't be made as secure as data stored solely on an iPhone or iPad.

Apple is able to decrypt "most" of the data included in an iCloud backup, and an Apple official told Mossberg that's because the company views privacy and security issues differently between physical devices that can be lost and iCloud. With iCloud, it needs to be accessible by Apple so it can be used for restoring data.

However, in the case of iCloud, while security must also be strong, Apple says it must leave itself the ability to help the user restore their data, since that's a key purpose of the service. This difference also helps dictate Apple's response to law enforcement requests. The company's position is that it will provide whatever relevant information it has to government agencies with proper, legal requests. However, it says, it doesn't have the information needed to open a passcode-protected iPhone, so it has nothing to give. In the case of iCloud backups, however, it can access the information, so it can comply.

iCloud backups contain iMessages and texts, content purchase history, photos and videos, device settings, app data, voicemail password, and health data. Backups don't include information that's easily downloadable, such as emails from servers or apps, and while iCloud backup does encompass iCloud keychain, Wi-Fi passwords, and passwords for third-party services, that information is encrypted in a way that makes it inaccessible to Apple.

Mossberg suggests customers who don't want to upload data to Apple via an iCloud backup make local encrypted backups through iTunes using a Mac or PC, and he points out that other cloud storage services, like Dropbox, are no more secure.

Mossberg's full exploration of iCloud is available over at The Verge and is well worth reading for anyone interested in the security of data stored in the cloud.

Tags: iCloud, The Verge
Related Forum: Apple Music, Apple Pay/Card, iCloud, Fitness+

Popular Stories

imac video apple feature

Apple Unveils First New Products of 2026

Monday January 26, 2026 1:55 pm PST by
Apple today introduced its first two physical products of 2026: a second-generation AirTag and the Black Unity Connection Braided Solo Loop for the Apple Watch. Read our coverage of each announcement to learn more:Apple Unveils New AirTag With Longer Range, Louder Speaker, and More Apple Introduces New Black Unity Apple Watch BandBoth the new AirTag and the Black Unity Connection Braided...
Read Full Article
iPhone 5s

iPhone 5s Gets New Software Update 13 Years After Launch

Monday January 26, 2026 3:56 pm PST by
Alongside iOS 26.2.1, Apple today released an updated version of iOS 12 for devices that are still running that operating system update, eight years after the software was first released. iOS 12.5.8 is available for the iPhone 5s and the iPhone 6, meaning Apple is continuing to support these devices for 13 and 12 years after launch, respectively. The iPhone 5s came out in September 2013,...
Read Full Article127 comments
Second Generation AirTag Feature

Apple Unveils New AirTag With Longer Range, Louder Speaker, and More

Monday January 26, 2026 6:07 am PST by
Apple today introduced the second-generation AirTag, with key features including longer range for tracking items and a louder speaker. For those who are not familiar, the AirTag is a small accessory that you can attach to your backpack, keys, or other items. Then, you can track the location of those items in the Find My app on the iPhone, iPad, Mac, Apple Watch, and iCloud.com. The new...
Read Full Article233 comments
Apple Logo Spotlight

Apple to Launch These 20+ Products This Year

Sunday January 25, 2026 6:02 pm PST by
2026 promises to be yet another busy year for Apple, with the company rumored to be planning more than 20 product announcements over the coming months. Beyond the usual updates to iPhones, iPads, Macs, and Apple Watches, Apple is expected to release its all-new smart home hub, which was reportedly delayed until the more personalized version of Siri is ready. Other unique products rumored for ...
Read Full Article76 comments
Apple Creator Studio

Apple's Next Launch is Today

Tuesday January 27, 2026 2:39 pm PST by
Update: Apple Creator Studio is now available. Apple Creator Studio launches this Wednesday, January 28. The all-in-one subscription provides access to the Final Cut Pro, Logic Pro, Pixelmator Pro, Motion, Compressor, and MainStage apps, with U.S. pricing set at $12.99 per month or $129 per year. A subscription to Apple Creator Studio also unlocks "intelligent features" and "premium...
Read Full Article

Top Rated Comments

Mums Avatar
Mums
129 months ago
This is called security theater.
Score: 7 Votes (Like | Disagree)
Rigby Avatar
Rigby
129 months ago
Technically Apple could absolutely offer a cloud backup solution where even they couldn't access the data. For example, they could let the user pick a backup password (same as they already do for encrypted iTunes backup) and use it to encrypt the data before uploading to iCloud. Of course this means that users who forget the password couldn't restore their backup, which is why they should probably make this optional and give the user a proper warning. And, BTW, there are cloud services that use similar approaches to encrypt their users' data, e.g. Spideroak and the backup service Crashplan.
Score: 7 Votes (Like | Disagree)
appleguy123 Avatar
appleguy123
129 months ago
Technically Apple could absolutely offer a cloud backup solution where even they couldn't access the data. For example, they could let the user pick a backup password (same as they already do for encrypted iTunes backup) and use it to encrypt the data before uploading to iCloud. Of course this means that users who forget the password couldn't restore their backup, which is why they should probably make this optional and give the user a proper warning. And, BTW, there are cloud services that use similar approaches to encrypt their users' data, e.g. Spideroak and the backup service Crashplan.
Wouldn't Apple would have to store enencryption keys in the cloud though to make it work on a different device than the original phone?
Score: 5 Votes (Like | Disagree)
RedOrchestra Avatar
RedOrchestra
129 months ago
Now everyone will want a 1TB iPhone, since they won't want to be backing up all that secure stuff they own to the iCloud.
Score: 5 Votes (Like | Disagree)
ParanoidDroid Avatar
ParanoidDroid
129 months ago
I guessed that already, but now it's a fact on public record. The only 'safe' solution is to delete all our iCloud backups data, and not use any iCloud services.

But here is the problem! Apple is increasingly integrating iCloud services deep into its iOS and Mac OS X. It's almost impossible to use Apple products without iCloud. This is scary... :eek:

We're all already trapped deep in total surveillance by the NSA and god knows by whom else. The orwellian society is real! :(

I feel like a chimp sitting in a zoo while constantly being watched. Welcome to the 21st century's privacy striptease.

The only way out of our modern tech zoo is going low-tech and to move to an isolated island, dig a cave there (beware spy satellites), and hide there forever.
Score: 5 Votes (Like | Disagree)
tentales Avatar
tentales
129 months ago
Now everyone will want a 1TB iPhone, since they won't want to be backing up all that secure stuff they own to the iCloud.
1TB hard drives are very inexpensive nowadays. Unless you don't have access to a computer, backing your iPhone up to an encrypted drive or two or three, storing one in a bank vault, you're more secure than backing up to any cloud.
Score: 5 Votes (Like | Disagree)
Read All Comments