Apple and End-to-End Encryption: According to today’s report, Apple has not implemented end to end encryption on iCloud backups at the request of the FBI. Apple can’t verify the report, but it has some other reasons not to encrypt iCloud backups. At last, I am not anxious about the absence of end-to-end encryption in iCloud, because it’s to my advantage. Let me explain:
Firstly, data in iCloud is encrypted. But remember both of you can decrypt it (you and Apple). Apple doing this for customers who want access to their account and have lost it by other means. Also for law enforcement officials who provide the appropriate request.
Some data saved in iCloud is cipher end-to-end. It means that without a decryption key managed by the user, that data isn’t useful to anyone. What’s the problem here is that not all iCloud data is cipher end-to-end. If it were, Apple can’t help law enforcement when it needs to. Apple also couldn’t unlock user data when users request their help.
If you’re still confused about how Apple keeps iCloud data safe, you can read its own iCloud security overview to get a better understanding.
What is iCloud Backup?
iCloud Backup is part of the core services Apple offers iPod touch, iPhone and iPad users. It makes it easy to set up a latest device or to restore the information back onto your device without losing any data.
Once active, iCloud Backup runs as an automated process on your device. Also, it happens when your device is plugged in, charging, locked and connected to a Wi-Fi network. Basically it happens at midnight or at other low-traffic times. iCloud Backup includes the following things:
- App data and settings
- Apple Watch backups
- Ringtones and other information on your phone
- Images and messages
iCloud Backup doesn’t back up your contacts and calendar info, Safari bookmarks, Notes. None of the apps you have on your phone or content you’ve downloaded from Apple Music are backed up in iCloud Backup. Because all of that stuff is in the cloud. You can just re-download copies of the apps or entertainment content you might want to have again. Restoring from a backup causes the phone to just re-download the apps you installed directly from the App Store.
Selectively Apple employs end-to-end encryption for some of its services. At least when it comes to iCloud backups, you have a key, that key stays secure. But if Apple receives a legal request from any agency, it’s obliged to unlock your account and share that data.
Apple also keeps a record of such requests it received for the first half of 2019 in a recently-published transparency report. Apple just complied with a user account and device data requests from governments around the world the vast majority of the time.
We’re our own worst enemy
Unfortunately, many of us forget our passwords, lose our encryption keys, and will even get rid of devices. Also, we get the latest ones without remembering that we’ve employed schemes like two-factor authentication (2FA). Then we find it difficult when the times come to restore our device or set up new ones. We’re locked out of our devices. The devices are unable to log in to our Apple ID, unable to authenticate to prove our identity.
When I worked for an Apple service provider, every day I encounter customers in this dilemma. It is a constant issue for those users who use these devices.
Cracking an Apple ID account without the right credentials is not a trivial process. Also, I’d argue that it shouldn’t be. It can take days for Apple to check your identity before unlocking you.
Between Security And Convenience
The report comes at a time when Apple is busy with the federal government over its role in unlocking iPhones used by a suspected terrorist. Last week both the President and the U.S. Attorney General called on Apple to unlock the devices used by the people who shot personnel at the Pensacola Naval Base in Florida last December.
Apple stood up to the government to build in a backdoor to its devices and operating systems (OS). As it would let law enforcement officials more easily gain access to the contents on those devices. The company said in a statement:
Backdoors can also be used by those who broke our national security and the data security of our customers.
Made Its Own Bed – Apple’s End-to-End Encryption
Apple makes a line between security and convenience, and certainly, that line is tough to distinguish. But this is also an issue that Apple’s made for itself. Just because privacy and data security have become so central to Apple’s message to customers. News stories and rumors like this run the risk of subverting Apple’s credibility as a company that values privacy. Apple’s made its own bed when it comes to privacy, and now it has to sleep in it.
What’s clear is that Apple and End-to-End Encryption is important for some of Apple’s customers. I’d love to see Apple incorporate it for those who feel we need it. But I think if you ask the average Apple user, “would you like to have more save backups, or backups Apple can help you restore if need be”. The average person will favor the latter more than the former.
I feel this isn’t a one size fits all answer, and that convenience isn’t the answer for everyone. There is a solution. If having an encrypted backup of your iPhone is important to you, use your Mac to back it up. You can also encrypt local backups to your heart’s content. Lowering backups to the cloud means that you’re going to play by Apple’s rules.
Here’s the bottom line as I see it: Apple has tried to make it quite easy and simpler to ensure you don’t lose your data. Backing up to iCloud and using iCloud sync services (like iCloud Photo or Messages in iCloud) allows you to do exactly that.
If you’re anxious about protecting your data then the best solution is to keep your data off the cloud altogether. Although that’s likely to create as many issues as it solves. But it’s a choice.
Here’s all about Apple and End-to-End Encryption. If you have anything to share with us then let us know in the comment section below. What are your views about Apple and End-to-End Encryption?