‘Encrypted’ Isn’t Good Enough ⇥ support.apple.com
One of the things I touched upon in my initial commentary on today’s Reuters report is that Apple uses “encrypted” to mean different things in different contexts. For years now, I have been frustrated by the context switching in this one knowledgebase article on Apple’s support website:
This article can help you decide which backup method is best for you. In case you ever need an alternative backup, you can make a backup in iCloud and another using your computer.
iCloud
[…]
- Always encrypts your backups
[…]
Computer
[…]
- Offers encrypted backups (off by default)
A related article about encrypted backups makes a similarly misleading claim:
[…] To encrypt a backup in the Finder or iTunes for the first time, turn on the password-protected Encrypt Backup option. Backups for your device will automatically be encrypted from then on. You can also make a backup in iCloud, which automatically encrypts your information every time.
There is nothing technically incorrect about this explanation. iCloud backups are, indeed, encrypted every time; local backups have encryption as an option. But whether a backup is “encrypted” is not enough information to decide which method is more secure. Apple holds the keys to iCloud backups, but only users know their local backup key.
It’s worth noting that Apple has been evaluating whether to offer encrypted iCloud backups since at least February of 2016, and possibly sooner. Today’s Reuters report suggests that Apple dropped that plan at some point in early 2018, though an October 2018 interview with Tim Cook in Spiegel indicated that the company was still working on it. I’m not sure what the correct timeline is, but I hope that renewed public pressure can encourage the company to make it a priority. It is imperative that users know exactly how their data is being used, and there is no reason that enabling backups should compromise their security and privacy.
Update: Lawrence Velázquez:
This reminds me of the Facebook 2FA fiasco, a more egregious case of something positive (2FA) being needlessly tainted (abuse of SMS numbers for non-2FA purposes).
This is exactly right. One of the effects of Apple’s confusing language around backups and encryption is that some people may not trust either. It’s not a great day when Apple is getting unfavourably compared to Facebook on privacy and security matters.