Apple looking into upgrading iCloud storage with end-user encryption
Apple’s smartphones and tablets offer users some pretty strong security, protecting both their devices and the data on them from access by unauthorized third parties. But while the use of strong encryption helps keep iPhone data secure, there’s one giant loophole in Apple’s security setup: its iCloud backups. For while all that data’s nice and encrypted as it exists on on your phone, that protection goes away once you send a copy to Apple’s servers – and the company can and does provide iCloud backups in response to law enforcement requests, as it did in the controversial San Bernanrdino case. But as that headline-grabbing case causes Apple to turn an inwards eye on its own security practices, even that arrangement might change going forward, and a new report claims that Apple’s looking into ways to seriously increase the security of iCloud backups.
Right now, Apple’s iCloud backups act as a bit of a failsafe: you may lose your phone, or forget your password (effectively locking you out of the data on it), but Apple can always help you restore a backup copy from its iCloud servers.
That may be convenient, but from a user’s perspective, it’s far from secure. That’s why Apple’s supposedly investigating how it might offer more comprehensive encryption for iCloud backups – letting users store phone data that even Apple itself can’t access (just like iCloud Keychain data now).
It’s not clear just yet how Apple might intend to implement such a system, while also trying not to over-burden users in the process. However it might go about doing so, don’t expect law enforcement to be happy about Apple’s changes denying them access to cloud data going forward.
Source: The Wall Street Journal