"Enter your passcode to trust this computer and start a backup." Every time iPhone is on charge.

"...it is trivially easy to get most of the content of the phone"

If they have hacked my Mac, they don't need any content from my iPhone.

Emails? Texts? Contacts? Photos? Documents? All of that is already on my Macbook. What is also on my Mac are previous iPhone backups. What does the passcode for a new backup do to prevent them from accessing those?

Again, saying that preventing two devices that trust each other from communicating is a "security" thing is a lie.

The main factor of my moving from a Microsoft world into an Apple world was the interoperability of the Apple products. If Apple is moving away from that interoperability, calling it "security" and not providing a way for me to opt-out, it might be time to move on.

By Apple providing a means for users to do one of three things: Require a passcode for each backup, Require a passcode for the devices to trust each other permanently or never require a passcode.

In other words, we should be able to opt-out of these draconian decisions made in the name of our safety.

StMiBa wrote:

By Apple providing a means for users to do one of three things: Require a passcode for each backup, Require a passcode for the devices to trust each other permanently or never require a passcode.

In other words, we should be able to opt-out of these draconian decisions made in the name of our safety.

Until your phone was hacked; then you would probably sue Apple. So protecting you is also protecting Apple.

Maybe you should move on if that is what you feel would make you happy.

I will stay in a secure ecosystem.

The same argument applies to 2 factor authentication. It is mandated by Apple but you can move on out of the ecosystem if you object.

Used values of iphones and Macs are pretty high due to popular demand. Sell it all. Free your spirit.

Lawrence, you pointing to that hack doesn’t justify this change, since as was mentioned multiple times, that hack doesn’t apply to people with encrypted backups. So I suggest not posting that as a blank check justification in response to every (justified) complaint about this issue. It doesn’t make sense.

LD150, if you want a “secure system”, I hope you’re not using Apple’s iCloud Backup instead, which Apple continues to offer despite it not being end-to-end encrypted (on purpose to allow governments to access your private data on demand). Local backups are much more secure than iCloud because they are encrypted. Again, this has been pointed out multiple times, so no need to reply to every new comment with old arguments that don’t apply. All it does is increase your post count.

StMiBa, honestly, this feels like a flick of the wrist, clumsy, ad hoc hole-filling by Apple. I haven’t yet given up the hope that they will come up with a better solution (like an exception to this for encrypted local backups, or forced encryption on all local backups). I hope I’m not proved wrong.

Are you saying that in order for my personal data to be secure, I should delete the backup that is currently stored on my Macbook? Is that seriously what you are saying?

If that's the case, why should I bother to backup my data?

What I hear you saying is, "I have no idea what the problem is or how to fix it and neither does Apple but Apple assures me that if I enter my passcode in order to initiate a new backup, I'm secure."

As to economic arguments, what does storage cost on your computer? A computer backup uses a lot of storage; one backup of my phone is 25 GB, and that’s when I’m syncing photos to iCloud. For fast SSD internal storage in your computer (similar to what a modern Mac has) is about $1 per GB. So each of my computer backups is using $25 worth of my storage. If I didn’t sync photos to iCloud that would make the backup about 20 GB larger, so my cost would be $45 per backup. That same backup to iCloud would cost 99¢ per month or $12 per year.

dfwdiver wrote:

Then why did this start immediately after upgrading to ios16?

Because that was the version that fixed the vulnerability that had been discovered by Google’s cybersecurity team. In my first post I wasn’t aware of that; if you read the rest of the thread it should become clear.

That’s false. The backup location is easily changeable using a symlink. Having a passcode prompt does nothing to prevent this. The fact that you can change the backup location is a good thing because it lets you store your phone backups on an external drive instead of taking up half of the miserly amount of storage Apple provides in their laptops and charges an arm and a leg for.

No, that won’t work. Only the administrator account can add a symbolic link to replace the correct backup location, as the enclosing directory is both hidden and is “owned” by iTunes, the same reason a hacker cannot download a backup you create with iTunes from the default backup location. Do you honestly believe that Apple’s cybersecurity team doesn’t know what it is doing, and you do?

So in this scenario, this someone has hacked into the computer but doesn’t have root access and can’t run a sudo command to create the symlink? That seems like a pretty arbitrary scenario. The sudo password is the login password for most people, so how exactly are they hacking the computer? Your unshakable faith in Apple is… inspiring.

I have great faith in the technical skill of Apple’s engineers and security team. And I haven’t the slightest idea of your qualifications. But I have been working in Unix and Unix variants for over 40