Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
All change for iPhone?
Apple has now compromised the security options for tens of millions of iPhone users after misjudged government pressure. And while this currently affects only UK users and there’s no hint yet that America intends anything similar, the FBI amongst other U.S. law enforcement agencies is pushing for the same.
iPhone Vs Android
Against this backdrop, there was a wry twist this weekend courtesy of Joe Rogan, Elon Musk and Google. Rogan described Apple’s forced move as “insane,” and asked his 15 million X followers whether “the UK government [has]
the same access to Android Phones.” If not, he suggested, “it’s a great motivation to switch platforms.”
“Good question,” Musk chipped in.
iPhone Vs Android
And then along came Google to answer Rogan’s question, telling him that “Android backups are encrypted and no one can access them except you,” and that “it’s been that way since 2018.” This is a jibe at Apple’s UK iCloud backups no longer being protected by that same “no one can access them except you” protection.
iPhone Vs Android
The UK change is very specific to the way in which Apple devices interact with iCloud. Sensitive Apple apps on your iPhone are always end-to-end encrypted, for example your keychain, health data and payments. But others — photos, notes, voice memos and more — are only fully encrypted with the Advanced Data Protection (ADP) that Apple has disabled for new UK users and which will be removed for existing users shortly.
iCloud Drive — where you can store your own files — and your device backups are also only end-to-end encrypted with ADP enabled. It’s this that Google is referring to with its more secure than iPhone jibe. And it’s much more critical than it seems.
Let’s take iMessage as the primary example. Apple stresses that iMessage is fully end-to-end encrypted, which makes it as secure as WhatsApp or Signal. We already know this security falls away if you message outside Apple’s walled garden — RCS is not yet end-to-end encrypted between iphone and Android.
But there’s now a much worse problem. If you set up iMessages with “Messages in iCloud” and have iCloud backups enabled, then Apple warns “your backup will include a copy of the Messages in iCloud encryption key to help you recover your data.” As such, iMessage users in the UK are about to lose fully end-to-end encrypted iMessage. Apple can access the backups, meaning they’re not really end-to-end encrypted.
So, is Android more secure than iPhone — not really. But it’s certainly true that where backups are concerned, UK iPhone users are about to lose the “no one but you” security that Google claims is still available for U.K. Android users.
The more important question — as I’ve pointed out since the beginning of this furor — is whether the UK action stopped at Apple. Doing so makes little sense — a bad actor would simply move from an iPhone to a Pixel or Samsung. It seems more likely that the same pressure has been put on Google and Samsung and one assumes Meta as well.
Given the secret nature of this process, none of the other parties can comment. But the expectation with apps like WhatsApp and Android backups is that a change would need to be made to undo encryption, signalling that data can be lawfully accessed. If that’s the case, Google’s response to Rogan and Musk might come home to bite.
