Apple's iCloud backups feature has found itself under spotlight today. According to a report, the Cupertino, California-based company had planned to enable end-to-end encryption for the iPhone and iPad cloud backups back in 2018 but it dropped the plan after Federal Bureau of Investigation (FBI) complained. The end-to-end encryption would have made the user data completely secure and FBI or any other law enforcement agency would not be able to access it, even with the help of Apple as they can do right now, for most data stored in iCloud.
Reuters reports that several sources have told the news agency that the iPhone maker in 2018 was mulling to add end-to-end encryption for all user data on iCloud and it shared the same with FBI. The plan was aimed to thwart hackers and safeguard user data, however FBI wasn't very happy and it reportedly told the company that this will hamper investigations and deny them a key way to get evidence against criminals using iPhone models. The absence of end-to-end encryption acts as a loophole that is used by the company to share data with government and law enforcement agencies if it wants.
For a company that has touted its efforts for user privacy, these revelations come as a shock to many people. But there is little that the consumers can do in this regard, apart from not using iCloud backups or moving to Android that has its own set of issues as the platform by default doesn't offer as granular backups as Apple and you will have to use third-party services to get such comprehensive backups.
While Apple may have decided to skip end-to-end encryption for most of the backed up iPhone data, the company still encrypts all data in transit and on its iCloud servers. Here's a look at exactly what Apple encrypts normally or with end-to-end encryption.
According to iCloud security overview, home screen data, health data (on iOS 12 or later), iCloud Keychain, payment information, QuickType Keyboard learned vocabulary (on iOS 11 or later), Screen Time details, Siri information, and Wi-Fi passwords, are all encrypted end-to-end. So, apart from the users, nobody can access these details. Apple uses iPhone passcode to encrypt the data. Messages are a special case, and messages itself use end-to-end encryption but a copy of messages resides in the iCloud backup that is not end-to-end encrypted.
Apart from aforementioned data, stuff like Safari history and bookmarks, calendars, contacts, notes, photos, reminders, iCloud backup, iCloud drive, voice memos, and more are encrypted during transit and on iCloud servers, but don't use end-to-end encryption. Apple with its own decryption key can read these details and share with government agencies if compelled.
The best way is to stop iCloud backups. You can back up your iPhone the old-fashioned way by using a cable and iTunes. This way while your data in backed up and encrypted, it resides on your own machine, thus Apple can't share it with governments or anyone else even if it wants to. Having said that, the government can compel you to decrypt it by legally forcing you.
As a platform, Android doesn't offer device backups as comprehensively as Apple. However, the device manufacturers often include their own backup and restore solutions that work best when used with their own devices. Google's backup solution, which received end-to-end encryption support in 2018 with Android 9 Pie, allows users to back up App Data (as long as it is supported by the app), SMS text messages, device settings, call history, and contacts. Nothing else is backed up by Google's own solution, however everything that Google backs up will use end-to-end encryption as long as you have a screen PIN, pattern, or password set.