iCloud Backups, iCloud drive, passwords, health data, basically everything except specifically iCloud Mail, Contacts, and Calendar [1] is all inaccessible to Apple when Advanced Data Protection is enabled.
> First, iCloud E2EE is opt-in.
> Second, iCloud E2EE is woefully incomplete. When you iMessage with someone, they have iCloud Backup on by default, and non-E2EE by default, which means that approximately all of your iMessages (including all image and document attachments) will still be readable by Apple and the FBI because they are backed up twice: once from each end of the conversation.
> Furthermore, the E2EE for iCloud Photos is not designed to preserve privacy. Even though iCloud Photos now supports E2EE for the content of the photos and videos stored, the file metadata is not E2EE, and the metadata includes the FILENAME and also a unique hash of the unencrypted file content.
I did specifically choose not to mention Photos for that reason.
For Find My, since they can even locate switched off phones, that tells you all you need about how it works. I find the whole concept creepy.
> For Find My, since they can even locate switched off phones
They can't. Find My is actually truly end-to-end encrypted, at least the version used for when a device is off (I'm not 100% sure how encrypted the self-reported version is for powered on iPhones with data).
Copy-pasting my summary about how Find My works from another comment in this post:
> The master private key used by the system is generated locally and never leaves your Apple devices in a state that anyone except your devices can read it.
> The master key is used to derive an AirTag specific private key which is provisioned to the AirTag and is in turn combined with an increasing counter which generates a third private key that's never stored anywhere. The ID broadcast is the public key of this third key. It changes every 30 minutes or 1 hour, I forget which.
> Other devices see this key, use it to encrypt their own location, and upload that encrypted blob along with the public key to Find My, and in order for Apple to even know which account the encrypted blob they can't decrypt belongs to I have to actually request the location of my AirTag by locally deriving the keypair it used for a certain point in time.
This has all been proven through [1] where they read the whitepaper (which I can't for the life of me find now but know exist because I've read it, or at least parts) and implemented OpenHaystack which proves Apple aren't lying about anything because if they did then OpenHaystack wouldn't work.
They can also be tracked close to real time with their gps coordinates so it cannot be passive, the phone has to report somewhere. And it's reporting in the background, there's no indication that its doing it.
See this for what is and isn't encrypted: https://support.apple.com/en-us/HT202303
They're a corpo of hundreds of thousands, there's no feelings attached to it from their side. They'll do what makes their stock go up or the CEO will be replaced with someone who'll do the needful.
