Just before WWDC, if you’ll remember, I had a little argument with myself about the nature of encryption for iCloud backups. I was specifically interested in the nature of iMessages within iCloud backups because, as noted by Joshua Kopstein of Vice, Apple has the keys to their own backup system:
It turns out the privacy benefits Apple likes to talk about (and the FBI likes to complain about) basically disappear when iCloud Backup is enabled. Your messages, photos and whatnot are still protected while on your device and encrypted end-to-end while in transit. But you’re also telling your device to CC Apple on everything. Those copies are encrypted on iCloud using a key controlled by Apple, not you, allowing the company (and thus anyone who gets access to your account) to see their contents.
That’s set to change with this year’s round of operating system updates. Lorenzo Franceschi-Bicchierai, Vice:
During an interview with Apple blogger and Daring Fireball’s owner John Gruber, Federighi said that the company has figured out a way to do syncing while still remaining unable to read your iMessages. Here’s what he said (this exchange is around the 01:05:30 timestamp in the video):
“Our security and encryption team has been doing work over a number of years now to be able to synchronize information across your, what we call your circle of devices—all those devices that are associated with the common account—in a way that they each generate and share keys with each other that Apple does not have.”
“And so, even if they store information in the cloud, it’s encrypted with keys that Apple doesn’t have. And so [users] can put things in the cloud, they can pull stuff down from the cloud, so the cloud still serves as a conduit—and even ultimately kind of a backup for them—but only they can read it.”
It isn’t clear how they’re doing this, nor is it clear whether this only applies to iCloud syncing of messages or all iCloud backups.