
iPhone password must be stored in iCloud under iOS 13?

After upgrading to iOS 13, I received a prompt to re-sign in with my Apple ID (somewhat expected). But after going to Settings and doing so, I got the prompt in the attached screenshot.


"The passcode you use to unlock this iPhone will also be used to access saved passwords and other sensitive data you store in iCloud."


I do not use iCloud Keychain or iCloud backup.


Has anyone else encountered this? Does this mean that under iOS 13, users are required to store their local device passcode in iCloud? Or that some information stored in iCloud is encrypted/hashed using the local device passcode?


If so, that's concerning and seems to be at odds with Apple's usually stellar approach to privacy and security. My understanding is that previously, the passcode was only stored on the device and not only is used to unlock it but also plays a role in things like local storage encryption. If the password is stored (directly or indirectly) in iCloud, is Apple now effectively maintaining a database of device passcodes for every device, potentially vulnerable to hacking, misuse or Apple being compelled to share a user's passcode in response to a legal order?



iPhone X

Posted on Sep 19, 2019 12:41 PM

Question marked as Best reply

Posted on Sep 20, 2019 12:01 PM in response to ThusSprachSpach

After chatting with Apple support, I believe I understand the issue here, so I'm posting in case anyone else encounters something similar.


As this Apple support article explains, most iCloud features (e.g. Contacts, Backup, Find My iPhone, Drive) use end-to-end encryption to protect your data. This is a very good thing because it means that your data is encrypted locally on your device and then the encrypted data is sent to Apple's servers and stored in encrypted form. That means that no one -- not even Apple -- has access to your unencrypted data and that no one -- not even Apple -- has access to the keys needed to decrypt it.


The mechanism that Apple uses to do the encryption involves generating an encryption key based on your device passcode, hence the prompt above asking for it. But the passcode is used to generate the encryption keys locally (and in the decryption process locally on the other end). It is never sent to Apple or stored in iCloud. Only the encrypted data is stored in iCloud.


This was further confusing for me because the encryption mechanism used here is based on the one used by iCloud Keychain, which is a service I don't use. But even if you don't use iCloud Keychain, the iCloud data for the services you use is encrypted locally using the same mechanism involving the device passcode.
