Backing up iPhone/iPad with Catalina

I'm still getting the "AMPDevicesAgent wants to use your confidential information stored in iOS backup in your keychain" messages. So I chatted to Apple Support for 3/4 of an hour. The Agent was actually very good and checked up on all sorts of things. I shared screenshots of the message and Activity Monitor info for AMPDevicesAgent and AMPDeviceDiscoveryAgent. Here are some pertinant excerpts from the conversation;

Agent;

"I checked on my lab machine (Which never has any 3rd Party Apps) which I upgraded from 10.14 and was able to locate AMPDevicesAgent.  This confirm the behavior is expected."

This is useful as it confirms that AMPDevicesAgent is not 3rd party software but is included with Catalina.

Agent;

"AMPDevicesAgent is something new with Catalina. As seen in Activity monitor it shows as an Apple process and I have checked with my lab device to confirm this as well."

Following this the Agent recommended that I ran a Malwarebytes scan. This completed with no problems found.

Agent;

"This is something with Catalina so other persons may have this pop up but I can guarantee this is not a cause for concern."

I asked what would not work if I continued to Deny the access request

"Honestly, I am not aware if anything will stop working if you hit deny."

I was still concerned that we did not know what AMPDevicesAgent actually is, so I was passed over to a supervisor. I explained;

• I am getting the AMPDevices pop up and it is asking for access to my keychain. I have no idea what AMPDevicesAgent is or why it needs access to my keychain.
• It a bit like giving your bank account details to somebody you just met on the street.
• All other things that ask for access tell you who they are e.g Malwarebytes asked for access to my desktop. Its a malware scanner so that is reasonable. But what is AMPDevices?

The answer to this was

"It’s actually part of the Frameworks in you Library folder for the iOS Device that is installed with Catalina, so that would be expected behavior and there is nothing to worry about by accepting it."

So I asked

"OK. Can you please pass a message back to the development team that allowing something called AMPdDeviceAgent to ask for access to the keychain is not good practice. It causes the end user to worry and hence waste lots of time researching the issue and then contacting Apple Support."

Supervisor response;

"Sure can. You can also voice your concern about this at apple.com/feedback. We have a dedicated team here at Apple whose entire job is to review this feedback and implement any changes needed."

Conclusion

AMPDevicesAgent seems to be part of the new Catalina functionality that allows Finder to sync and backup with iOS & iPadOS devices. It looks like either the access rights for it haven't been properly fixed or somebody didn't give it a user friendly name.

As a result of this conversation with Support, I'm going to Allow access.

I suggest that we all input to apple.com/feedback saying that a window popping up to say that AMPDevicesAgent needs access to the keychain is not very User friendly. Either its access rights should be fixed so it doesn't need to ask or it should be renamed something the User can understand.

It's not fishy, but the fact that it is asking is likely a bug. AMPDevicesAgent is an internal process ("Apple TV, Music & Podcasts") and granting it permission is a safe thing to do. Not granting permission means that you will have to enter passcodes each time because the agent can't get them from the Keychain, but no other harm will come from denying. I've checked with an internal Apple resource in the Hosts team and he suggests that you use the Contact Support link at the top of this page so the problem can be logged.

Here is what I found out from my internal resource. AMPDeviceDiscoveryAgent is a process for syncing Apple TV, Music and Podcasts. It is ok to trust it. However, it should not be prompting you. He says anyone who sees this should contact Apple Support using the Contact Support link at the top of this page so the reason it isn’t behaving right can be analyzed.

Just got off chat with two Apple advisors. It is part of Catalina although I felt the two advisors I dealt with both were new to the issue. They recommended allowing it as it was not a third party hack or pop up.

Go to support and chat. They need to make it more legit. It smells fishy so I always denied it. Allowed it and my phone and computer have not started fizzing or melting.

Here is what I found out from my internal resource. AMPDeviceDiscoveryAgent is a process for syncing Apple TV, Music and Podcasts. It is ok to trust it. However, it should not be prompting you. He says anyone who sees this should contact Apple Support using the Contact Support link at the top of this page so the reason it isn’t behaving right can be analyzed.

You didn't do anything wrong when you allowed access. The process requesting it is a coordinating app for syncing to Apple TV, Music and Podcasts (that's the AMP part of the name).

You were asked that the first time you backed up your phone to iTunes. But iTunes isn't how you back up with Catalina; instead you use Finder. Connect your phone, open Finder and you will see the iPhone in the sidebar under Locations. As it's a different app it asks the first time you use it.

When clicking on my iPhone icon in the finder scroll down to the bottom of the information window and I see "Reset Warnings" button. Try that?

I was also looking online for the information on other sites, and I found this link on reddit.

Apparently it's from Apple. So it should be safe? I allowed it once to see what happens.

That reddit post had these images:

I'm still getting the occasional message "AMPDevicesAgent wants to use your confidential information stored in iOS backup in your keychain". I'm clicking on Deny. So far I haven't found anything that doesn't work. And no, I don't have to enter my password to do a backup.

I still haven't found anyone who knows what AMPDevices is or why it wants keychain access. So it still smells like something bad. Keep on Denying until we find out more :-)

There is very little on Google except that it appeared in an early beta of Catalina.

Also, I have noticed that if I try and run Sidecar I get the following message

You can’t open the “Sidecar” preferences pane because it is not available to you at this time.

My iPad Pro is connected to my iMac so I expect this error is generated because I denied the AMPDevicesAgent.

Exactly the same for me. There is no iTunes on the system; I didn't get any prompts when I used the Finder with my iPhone; I did get the prompt when I used the Finder with my iPad Pro.

Not sure how to get the prompt again (maybe check in System Preferences | Security and Privacy).

This reinforces my point as to why Catalina would prompt for a valid Apple process. How would any technical or non-technical user know what to do with it since this is not some 3rd party app they are purposely installing.

I've started getting this message since changing to Catalina. Internet searches throw up several people posting the problem but no good answers.

It seems bad practice to show messages requesting access to secure information without explaining to the user exactly what is doing the asking, why it needs the information and what happens if you do not give permission. At best something doesn't work. At worst people just get sick and tired of it and automatically hit 'Always Allow' for everything; which rather defeats the attempt increased security :-(

My iPhone wouldn't appear in the Catalina Finder sidebar (plugged, unplugged, change cables, etc). Rebooted Catalina and suddenly the iPhone was in the sidebar. Started update to iOS 13.1.3 and got the AMPDevicesAgent message .. didn't worry me too much as the post-Catalina upgrade asked those sort of questions a lot with my 3rd party apps .. a good way to clean out skeletons. I answered OK but just authorised it once only. The iOS upgrade subsequently failed 3 times with a 4000 error (the 4th time worked successfully). I work as an IT engineer so not exactly a novice .. and Catalina was a big upgrade .. nonetheless the whole experience was reminiscent of Microsoft Windows back in the day with the 3-fingered salute as one of the standard approaches to get stuff working.

If you are restoring a backup that is encrypted you must put in the password that you created the first time you made an encrypted backup. It is not related to any other password that you use unless you reused a password by choice. When you make your first encrypted backup you will be prompted to enter a backup password - twice, for verification. That password never changes, even if you change computers or change phones. And you are never prompted for it again unless you try to restore a backup. The good news is that you get unlimited guesses, so start going through passwords that you might have used. If you are like most people you reused a password, probably one related to your phone like an iTunes password or a screen unlock passcode.