iCloud Security / End To End Encryption, Yea But

In reading the notes from Apple about iCloud security (https://support.apple.com/en-us/HT202303), it brings up a few questions in my mind.

With 2FA turned on of course, are ALL files, docs, PDFs, etc., encrypted end to end, AND on the servers?

And if the answer is yes, then how does law enforcement read the data that they have obtained by a legal process?

Mostly thinking about this since Apple has really been hyping themselves as being more secure with our data. Data that they don’t want to be responsible for anyway (I can’t blame them there).

Law enforcement and Apple can read everything in iCloud but these (from the e2e portion of that document):

  • Home data
  • Health data (requires iOS 12 or later)
  • iCloud Keychain (includes all of your saved accounts and passwords)
  • Payment information
  • QuickType Keyboard learned vocabulary (requires iOS 11 or later)
  • Screen Time
  • Siri information
  • Wi-Fi passwords

Apple encrypts everything else with its own key, so they are able to decrypt it to serve to you, or to comply with a warrant. I don’t know how securely they are able to transfer information to law enforcement because at some point it has to go into a police/court system they can’t control.

I don’t know how feasible it would be to e2e encrypt everything. I’d like to see it, though. I know a major benefit to a cloud storage provider of reading your files is deduplication of files and portions of files, which reduces storage costs. I would pay iCloud more for better encryption but I am certainly in the minority.

cornchip, you are reading my mind on this!

I know if MacSparky is reading this, he is thinking “I KNOW THE ANSWER”, but I don’t expect him to stick his legal neck out.

So cornchip, if Apple cannot un-encrypt the mentioned items, then (1) if law enforcement can’t read the data, what else would they be after (other than illegal pics)? (2) If Keychain is this well protected, why are Password Protector Apps so hot right now?

Before anyone says it, No, I am NOT trying to hide anything in iCloud. The discussion about backups got me to thinking deeper about cloud backups.

I don’t think you should have to apologize for protecting your data—not a fan of “having nothing to hide.”

  1. Besides images of children etc, law enforcement is often after evidence of crimes in messages (bragging about a robbery, for example, or arranging a drug deal), financial crimes in documents, timestamps to prove whereabouts/activity while something else was happening, etc.

  2. Password managers are popular because without them, it’s really hard to securely share credentials with others. Keychain is limited to the local computer or to the iCloud account to which it’s attached. Keychain is just as secure as something like 1Password, though.

Your answers were well my friend! Thank you for explaining it out more.

Apple announced some solid iCloud security updates today:

Conversations between users who have enabled iMessage Contact Key Verification receive automatic alerts if an exceptionally advanced adversary, such as a state-sponsored attacker, were ever to succeed breaching cloud servers and inserting their own device to eavesdrop on these encrypted communications.

Now with Security Keys, users will have the choice to make use of third-party hardware security keys to enhance [two factor authentication].

For users who enable Advanced Data Protection, the total number of data categories protected using end-to-end encryption rises to 23, including iCloud Backup, Notes, and Photos. The only major iCloud data categories that are not covered are iCloud Mail, Contacts, and Calendar.

iMessage Contact Key Verification will be available globally in 2023. Security Keys for Apple ID will be available globally in early 2023. Advanced Data Protection for iCloud is available in the US today for members of the Apple Beta Software Program, and will be available to US users by the end of the year. The feature will start rolling out to the rest of the world in early 2023.