Lawrence Finch wrote:
The reason it isn’t required for iCloud backup has nothing to do with absurd conspiracy theories; it’s because iCloud backups are protected by your Apple ID password and 2 factor authentication.
The reason it is required for computer backups is because there is an identified vulnerability that has been seen in the wild that would allow a bad actor to back up, and then gain access to the backup on a computer, as reported in the National Vulnerability Database→https://nvd.nist.gov/vuln/detail/CVE-2022-32929
and as described in a “how to" here→https://theevilbit.github.io/posts/cve-2022-32929/
Essentially, any computer that has been hacked (which is roughly half of all Windows computers, and a smaller, but significant, number of Macs) can be used to get a copy of the iPhone’s backup. If the backup is not encrypted it is trivially easy to get most of the content of the phone. If it is encrypted, it’s harder, but, as there is no limit to the number of guesses of the backup password it is always possible to set up an automated process to guess the password.
And the reason just asking for it once is inadequate is because the hacker can run their hack after the passcode has been entered that one time.
This is all very convenient, as rationalisations go, but I fear that it strains credulity that Apple's backup encryption, well-studied and independently-implemented as it is by many third parties, is so weak as to be unusable for its intended purpose; if it were, local backup encryption would simply be impossible. Incredible, too, is the notion that Apple, a company that understands the case for keeping private data private, would somehow exempt itself from consideration in the event of an attack on its own infrastructure, where your backups are stored--backups that are, in any event, encrypted by Apple, but not by yourself--without giving the user a choice of a local, genuinely encrypted option. (In fact, your passcode does most of the heavy lifting in iCloud to protect a tiny fraction of the data, not your iCloud credentials; your iCloud Keychain holds sensitive keys protected in part by your passcode, but when disabled, the keychain is still protected in your backup by the device hardware key, but is then non-transferrable to other devices. Local backups are simply superior for data portability, which may be another good reason they're still useful at all. You could read Apple's Platform Security Guide, if you like, for all the detail.)
So if it's true that this behaviour is not ultimately beneficial to Apple's bottom line, and that this change is being made purely on technical merit, I hope you have a suggestion for how best to use iCloud storage without paying for it first. :)