> On December 7, 2022, Apple announced Advanced Data Protection for iCloud, an option to enable end-to-end encryption for almost all iCloud data including Backups, Notes, Photos, and more. The only data classes that are ineligible for Advanced Data Protection are Mail, Contacts, and Calendars, in order to preserve the ability to sync third-party clients with IMAP, CardDAV or CalDAV.
All the in-transit encryption in the world won't matter if they've pwned the decrypted client device.
Every company from your device's manufacturer, OS vendor, telecom carrier, app distributors and 3rd party software providers can be compelled to help make that happen.
If you want a deeper dive into the security engineering of iCloud Keychain, the second half of this Blackhat talk by Apple's head of Security Engineering & Architecture (SEAR) is really great:
Does all of that matter if an attacker has access to your device and can take screenshots of your conversations, or read those conversations out of memory in their unencrypted state?
No it doesn't — that's a totally different threat model.
Advanced Data Protection is mostly concerned with protecting data from attackers on the server and in transit.
If you're interested in protections when an attacker has physical access to your device, you should read the "Encryption and Data Protection" section of Apple's Platform Security Guide.
The difference is that if the NSA has physical access to my phone, I'm probably aware of it. It makes routine fishing expeditions across broad populations much harder and more expensive, as well as easier to oppose.
If they can fish remotely and automatically, accountability goes completely out the window.
>all the encryption in the world does not matter if either end of the conversation is confiscated or pwned by adversaries.
Yes of course, but it's not so simple to bypass the hardware-enforced protections that exist both device side and server side. As far as I can tell, it seems effort was made to design/architect everything in such a way such that the protections can't be retroactively circumvented even under legal compulsion.
Disclosure: I previously worked for Apple, but not on the design/implementation of any of this stuff and this is all my own opinions, not those of Apple.
You thinking way too deep when the whole OS including implementation of the E2EE is proprietary and could be silently and targeted exchanged for a backdoored variant if it's not by default.
A good portion of HN believes Apple would never do that so I wasn't going to bother with that angle because of the inevitable defensive posts it would generate in response.
