Use iTunes, Not iCloud, to Back Up Your iPhone
Privacy is definitely one reason to use local backups; if your encrypted phone backup is stored on your encrypted laptop that is itself protected with a strong password, there’s very little chance that anyone without the right credentials can get access to anything.
There are also benefits when you’re restoring that backup to your iPhone. As Apple’s page on encrypted iTunes backups outlines, encrypted local backups are the only ones that contain saved account passwords, Wi-Fi settings, browsing history, and data from the Health app. Apple doesn’t want this data on its servers for security and privacy reasons, and it’s not stored in unencrypted local backups for the same reason. Use encrypted local backups, and you get that info back if you need to do a restore.
It also helps if you’re upgrading to a new phone or using a loaner or replacement phone. When you restore an iCloud backup to a phone or tablet that’s not the phone or tablet you backed it up from, you don’t lose any of your photos or iMessage history or anything like that, but you do lose the credentials for e-mail accounts and any other apps that require authentication.
An archived iTunes backup is essential because it saves the current state of your iOS device and prevents it from being accidentally overwritten by subsequent backups. Apple recommends all public beta testers create an archived backup before installing a beta in case something goes wrong and a restore is needed.
[…]
To archive the backup, choose “Preferences” from the iTunes menu and select the “Devices” tab. Choose the fresh backup and right click to bring up the “Archive” option.
Update (2016-02-25): I have been informed that iCloud backups do include this extra data. Apple says they are encrypted, but I think this is on disk and in transit—not encrypted from Apple, who we know can access the data because it provides it to law enforcement. So it’s on the level of Dropbox’s encryption.
Update (2016-03-03): Juli Clover:
The details surrounding the case have made it clear that while Apple is unable to access information on iOS devices, the same is not true of iCloud backups. Apple can decrypt an iCloud backup and provide the information to authorities when ordered to do so via a warrant, as it did in the San Bernardino case.
In a piece posted on The Verge entitled “The iCloud Loophole,” Walt Mossberg takes a look at Apple’s iCloud backups and explains the reason why iCloud data can’t be made as secure as data stored solely on an iPhone or iPad.
2 Comments RSS · Twitter
[…] after this change is made — and it’s a valid concern — it would be best to continue to create a local, encrypted backup […]
The other reason we know that the data isn't (meaningfully) encrypted on Apple's servers is because... encrypted with what? Can't be anything only on the device, or you wouldn't be able to restore it. Maybe your iCloud password? But then changing your password would invalidate all your backups and that's not the case. So if it's encrypted at all, it's with something that Apple know (and we don't), thus it's meaningless.