iCloud Backups Not as Secure as iOS Devices to Make Restoring Data Easier

icloud_icon_blueApple's ongoing fight with the FBI over whether the company can be compelled to help the government unlock the iPhone 5c used by San Bernardino shooter Syed Farook has brought the full range of Apple's privacy policies into the spotlight.

The details surrounding the case have made it clear that while Apple is unable to access information on iOS devices, the same is not true of iCloud backups. Apple can decrypt an iCloud backup and provide the information to authorities when ordered to do so via a warrant, as it did in the San Bernardino case.

In a piece posted on The Verge entitled "The iCloud Loophole," Walt Mossberg takes a look at Apple's iCloud backups and explains the reason why iCloud data can't be made as secure as data stored solely on an iPhone or iPad.

Apple is able to decrypt "most" of the data included in an iCloud backup, and an Apple official told Mossberg that's because the company views privacy and security issues differently between physical devices that can be lost and iCloud. With iCloud, it needs to be accessible by Apple so it can be used for restoring data.

However, in the case of iCloud, while security must also be strong, Apple says it must leave itself the ability to help the user restore their data, since that's a key purpose of the service. This difference also helps dictate Apple's response to law enforcement requests. The company's position is that it will provide whatever relevant information it has to government agencies with proper, legal requests. However, it says, it doesn't have the information needed to open a passcode-protected iPhone, so it has nothing to give. In the case of iCloud backups, however, it can access the information, so it can comply.

iCloud backups contain iMessages and texts, content purchase history, photos and videos, device settings, app data, voicemail password, and health data. Backups don't include information that's easily downloadable, such as emails from servers or apps, and while iCloud backup does encompass iCloud keychain, Wi-Fi passwords, and passwords for third-party services, that information is encrypted in a way that makes it inaccessible to Apple.

Mossberg suggests customers who don't want to upload data to Apple via an iCloud backup make local encrypted backups through iTunes using a Mac or PC, and he points out that other cloud storage services, like Dropbox, are no more secure.

Mossberg's full exploration of iCloud is available over at The Verge and is well worth reading for anyone interested in the security of data stored in the cloud.

Top Rated Comments

Mums Avatar
64 months ago
This is called security theater.
Score: 7 Votes (Like | Disagree)
Rigby Avatar
64 months ago
Technically Apple could absolutely offer a cloud backup solution where even they couldn't access the data. For example, they could let the user pick a backup password (same as they already do for encrypted iTunes backup) and use it to encrypt the data before uploading to iCloud. Of course this means that users who forget the password couldn't restore their backup, which is why they should probably make this optional and give the user a proper warning. And, BTW, there are cloud services that use similar approaches to encrypt their users' data, e.g. Spideroak and the backup service Crashplan.
Score: 7 Votes (Like | Disagree)
appleguy123 Avatar
64 months ago

Technically Apple could absolutely offer a cloud backup solution where even they couldn't access the data. For example, they could let the user pick a backup password (same as they already do for encrypted iTunes backup) and use it to encrypt the data before uploading to iCloud. Of course this means that users who forget the password couldn't restore their backup, which is why they should probably make this optional and give the user a proper warning. And, BTW, there are cloud services that use similar approaches to encrypt their users' data, e.g. Spideroak and the backup service Crashplan.

Wouldn't Apple would have to store enencryption keys in the cloud though to make it work on a different device than the original phone?
Score: 5 Votes (Like | Disagree)
RedOrchestra Avatar
64 months ago
Now everyone will want a 1TB iPhone, since they won't want to be backing up all that secure stuff they own to the iCloud.
Score: 5 Votes (Like | Disagree)
ParanoidDroid Avatar
64 months ago
I guessed that already, but now it's a fact on public record. The only 'safe' solution is to delete all our iCloud backups data, and not use any iCloud services.

But here is the problem! Apple is increasingly integrating iCloud services deep into its iOS and Mac OS X. It's almost impossible to use Apple products without iCloud. This is scary... :eek:

We're all already trapped deep in total surveillance by the NSA and god knows by whom else. The orwellian society is real! :(

I feel like a chimp sitting in a zoo while constantly being watched. Welcome to the 21st century's privacy striptease.

The only way out of our modern tech zoo is going low-tech and to move to an isolated island, dig a cave there (beware spy satellites), and hide there forever.
Score: 5 Votes (Like | Disagree)
tentales Avatar
64 months ago

Now everyone will want a 1TB iPhone, since they won't want to be backing up all that secure stuff they own to the iCloud.

1TB hard drives are very inexpensive nowadays. Unless you don't have access to a computer, backing your iPhone up to an encrypted drive or two or three, storing one in a bank vault, you're more secure than backing up to any cloud.
Score: 5 Votes (Like | Disagree)

Top Stories

cook cbs this morning

CBS This Morning: Apple to Make 'Big Announcement' Tomorrow Morning

Tuesday January 12, 2021 8:46 am PST by
CBS This Morning today shared a short clip of an upcoming interview with Apple CEO Tim Cook in which addressing last week's events at the U.S. Capitol, with Cook saying "it's key that people be held accountable for it." Following the clip, Gayle King of CBS noted that the interview with Cook was not specifically arranged to address the current controversy over Parler and other repercussions, ...
ipad pro 2021 mysmartprice cad

Allegedly Leaked 2021 iPad Pro CAD Images Suggest Few Design Changes

Tuesday January 12, 2021 3:38 am PST by
Tech blogs 91mobile and MySmartPrice on Tuesday posted a series of allegedly leaked factory CAD images of Apple's upcoming fifth-generation 11-inch iPad Pro. Rumors suggest Apple plans to announce two new iPad Pro models in both 11-inch and 12.9-inch versions, and today's images offer perhaps the clearest indication yet that Apple's next-generation iPad Pros will have minimal, if any,...
prototype iphone 12 pro

Prototype iPhone 12 Pro Shown Off in Photos

Wednesday January 13, 2021 3:39 pm PST by
Developer Giulio Zompetti, who often shows off prototype versions of Apple devices, today highlighted a prototype version of the iPhone 12 Pro. The iPhone 12 Pro is running an operating system called SwitchBoard, a nonUI version of the iOS 14 update that Apple uses internally. We've seen SwitchBoard on prototype devices before, as Apple uses it to test new features. Zompetti's prototype...
find my app safari post

Safari Allows Users to Enable Hidden 'Items' Tab in 'Find My' App Ahead of AirTags Launch

Wednesday January 13, 2021 5:45 am PST by
As seen in screenshots obtained by MacRumors in 2019, Apple's long-rumored AirTags items trackers are expected to be managed through the Find My app on iPhone, iPad, and Mac. Now, any user can get an early look at this tab. MacRumors reader David Chu today alerted us that the hidden "Items" tab in the Find My app can be enabled on an iPhone or iPad by typing in the link findmy://items in...
iphone x camera close

iOS 14.4 Will Introduce Warning on iPhones With Non-Genuine Cameras

Thursday January 14, 2021 8:07 am PST by
In the second beta of iOS 14.4 seeded to developers and public testers this week, MacRumors contributor Steve Moser has discovered code indicating that Apple will be introducing a new warning on iPhones that have had their camera repaired or replaced with aftermarket components rather than genuine Apple components. "Unable to verify this iPhone has a genuine Apple camera," the message will...
mac anti reflective coating issue

Apple's Anti-Reflective Coating Repair Program Still in Effect for Some MacBooks With New Mail-In Policy

Tuesday January 12, 2021 10:07 am PST by
In an internal memo obtained by MacRumors, Apple recently informed its network of Apple Authorized Service Providers that mail-in repair is now required for Mac notebooks with anti-reflective coating issues in the United States. The new policy went into effect January 4, 2021 and means that customers who take an eligible 12-inch MacBook or MacBook Pro exhibiting this issue to an Apple...
pioneer carplay wc5700nex

The Best Apple-Related Accessories at CES 2021

Wednesday January 13, 2021 1:16 pm PST by
CES 2021 is taking place digitally this year, and it hasn't been as exciting as in past years because many vendors have opted out. That said, some companies are still showing off some interesting Apple-related accessories that are coming out this year and that will be of interest to Mac, iPad, and iPhone users. Subscribe to the MacRumors YouTube channel for more videos. Pioneer Wireless...
Hue module dimmer switch

Philips Hue Announces New Wall Switch Module, Dimmer Switch, and Outdoor Light Bar

Thursday January 14, 2021 3:11 am PST by
Philips Hue has announced a new wireless dimmer switch module that lets Hue bridge owners directly control the smart lighting from their standard wall switches. The new Philips Hue wall switch module is the ideal addition to any Philips Hue set up. Installed behind existing light switches, it allows users to turn their existing switch into a smart switch and ensures their smart lighting is...
whatsapp wallpapers 1

WhatsApp Affirms User Privacy Following Backlash Over Data Sharing With Facebook

Tuesday January 12, 2021 6:39 am PST by
Following backlash after changing its terms and privacy policy to consolidate a significant amount of data sharing with Facebook, WhatsApp is now assuring users about the privacy measures built into its app. Last week, WhatsApp began informing users of updates to the app's terms of service and privacy policy. The updated agreements, which users must consent to in order to continue using...
apple racial equity justice initiative propel center render 01132021

Apple Launches New Nationwide Racial Equity and Justice Initiative Projects

Wednesday January 13, 2021 4:08 am PST by
Apple today announced a set of new projects as part of its $100 million Racial Equity and Justice Initiative (REJI) to help dismantle systemic barriers to opportunity and combat injustices faced by communities of color. Rendering of the Propel Center The projects include the Propel Center, a global innovation and learning hub for Historically Black Colleges and Universities (HBCUs), an Apple ...