
iPhone/iPad backups stored locally on iTunes (or Finder, in Catalina) are end-to-end encrypted.

iCloud backups always were encrypted based on a key derived from your iCloud account credentials, since the beginning...




> iPhone/iPad backups stored locally on iTunes (or Finder, in Catalina) are end-to-end encrypted.

Optionally encrypted: https://support.apple.com/sl-si/HT205220


I suppose even if you don't check the box to encrypt, you're still protected by FileVault.


> I suppose even if you don't check the box to encrypt, you're still protected by FileVault.

FileVault too is optional: https://support.apple.com/en-us/HT204837


FileVault I think is enabled by default now on new Macs? Or at least, it's in the initial setup wizard with a "dark pattern" to encourage enabling it?


For local backup, iMazing is great. It also does other useful things. It costs money though and you can decide whether that's a feature or bug.

https://imazing.com/


Does iMazing restore a phone as it is?

First party backups from Apple (iCloud/iTunes) restore a perfect replica of the phone, including app icon locations, arrangement, notifications, offloaded storage etc. I'm honestly skeptical that anyone else would be able to pull that off.


Who cares about this?

Yes, Apple has private APIs that it uses for its monopoly abuse benefit. That is why Apple's "Music" app can't be deleted from your computer ("'Music.app' can’t be modified or deleted because it’s required by macOS.") but Spotify can be deleted.

The solution is for Spotify to sue them on this specific issue and for other people to sue them similarly.


Was this previously called iFunBox or something else?


Wikipedia says: "Created by DigiDNA, the software was initially released in 2008 as DiskAid, enabling users to transfer data and files from the iPhone or iPod Touch to Mac or Windows computers. DiskAid was renamed iMazing in 2014."

https://en.wikipedia.org/wiki/IMazing


Do they happen to re-encrypt if I change my credentials a bunch of times or do they use my first ever password which was 123456?


The point of key derivation is that it can use a key to encrypt that is in turn protected by another key/password. So the amount necessary to re-encrypt when your password changes is just the encryption applied to the key. A similar technique is used in local disk encryption, where you don’t need to spend hours re-encrypting your hard drive just because you’ve changed your local account password...


Then it must need my password to decrypt the key which was used to encrypt the raw data? What if I do not tell them my password, (assuming my password is one way hashed and stored) would that brick the key and in turn brick the data? Clearly I am missing something here..

Edit: or since it is "derived" and not really the password which is used for encryption -- the derived thing could well be the hashed password. We are doomed. They might as well serial number their user and use that as key then. Never mind.


You’re overthinking it. Create a private key. Protect that key with a pass phrase. If you change your password, you’re really changing the pass phrase.

Does that clear it up at all?

FYI these concepts originated from military crypto. The foundations are solid. Implementation... well you know how that always is.... one CVE away from perfect!!
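The key-wrapping scheme described in the two replies above (a random data key protected by a key derived from the password), as an added example that is not part of the original thread and is not Apple's implementation. The function names, the iteration count and the XOR-plus-HMAC wrap (a standard-library stand-in for a real key-wrap cipher such as AES Key Wrap) are assumptions for the demo.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 50_000  # constructed demo value, not any vendor's real setting

def derive_kek(password: str, salt: bytes) -> bytes:
    # 64 bytes from PBKDF2: first 32 mask the data key, last 32 key the HMAC.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt,
                               ITERATIONS, dklen=64)

def wrap(data_key: bytes, password: str) -> dict:
    # A fresh salt per wrap means the 32-byte mask is never reused.
    salt = secrets.token_bytes(16)
    kek = derive_kek(password, salt)
    masked = bytes(a ^ b for a, b in zip(data_key, kek[:32]))
    tag = hmac.new(kek[32:], salt + masked, hashlib.sha256).digest()
    return {"salt": salt, "masked": masked, "tag": tag}

def unwrap(blob: dict, password: str) -> bytes:
    kek = derive_kek(password, blob["salt"])
    expected = hmac.new(kek[32:], blob["salt"] + blob["masked"],
                        hashlib.sha256).digest()
    # The tag check is what makes a wrong password fail cleanly
    # instead of silently yielding a garbage data key.
    if not hmac.compare_digest(expected, blob["tag"]):
        raise ValueError("wrong password or tampered key blob")
    return bytes(a ^ b for a, b in zip(blob["masked"], kek[:32]))

def change_password(blob: dict, old: str, new: str) -> dict:
    # Only the small wrapped-key blob is rewritten; the bulk data
    # encrypted under the data key is never touched.
    return wrap(unwrap(blob, old), new)

if __name__ == "__main__":
    data_key = secrets.token_bytes(32)       # encrypts the backup itself
    blob = wrap(data_key, "123456")          # constructed sample passwords
    blob = change_password(blob, "123456", "a much longer passphrase")
    assert unwrap(blob, "a much longer passphrase") == data_key
    try:
        unwrap(blob, "123456")
    except ValueError as exc:
        print("old password rejected:", exc)
```

After the change the old password no longer unwraps the key, yet the data key itself is unchanged, which is why nothing encrypted under it has to be rewritten.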


The local backups are encrypted with a key separate from your iPhone passcode. You can change it in iTunes, not sure if it re-encrypts or not.

But of course, we are talking about local backups so if you have full-disk encryption or back them up to an encrypted virtual drive, you don't even need whatever encryption comes with them.



