ACINQ / phoenix

Phoenix is a self-custodial Bitcoin wallet using Lightning to send/receive payments.
https://phoenix.acinq.co
Apache License 2.0

Improved support for Advanced data protection mode #342

Closed robbiehanson closed 3 months ago

robbiehanson commented 1 year ago

Starting with iOS 16.2, iPadOS 16.2 and macOS 13.1, users can enable Advanced Data Protection to protect select iCloud data with end-to-end encryption.

However, according to the docs:

> Third-party app data stored in iCloud is always encrypted in transit and on server. When you turn on Advanced Data Protection, third-party app data stored in iCloud Backup and CloudKit encrypted fields and assets are end-to-end encrypted.

This would suggest that any data stored in CloudKit is NOT encrypted end-to-end unless the developer explicitly tags the database column as an encrypted column.

Initial Tasks:

robbiehanson commented 1 year ago

Before enabling Advanced Data Protection:

I can see my data within the CloudKit Dashboard. That is, from the dashboard I can select "Act as iCloud account" and then log in using any of my developer accounts to view the associated CloudKit data (for the Phoenix app).

After enabling Advanced Data Protection:

I can NOT see my data within the dashboard. When I select "Act as iCloud account" and log in, I'm told I need to enable "Access iCloud Data on the web". After enabling this option, I then get a cryptic error message when I try to log in. I don't know if this is an Apple bug, or if it's "working as intended".

However, there is more information available online now. And multiple developers have confirmed that, when Advanced Data Protection is enabled, data within CloudKit is NOT encrypted E2E, except for encrypted fields & assets.

Further, there is no API to determine whether or not the user has Advanced Data Protection enabled.

robbiehanson commented 1 year ago

CKRecord.encryptedValues requires iOS 15+

We are currently supporting iOS 14. But there's no reason to continue supporting iOS 14 since every device that can run iOS 14 can also run iOS 15. That is, when Apple released iOS 15, they didn't drop support for even a single iPhone or iPad device.
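The plain-field versus encrypted-field distinction discussed in the comments above, as an added Swift example that is not part of the thread or of Phoenix's code. The record type `Payment`, the field names `createdAt` and `payload`, and the `BackupError` type are hypothetical.

```swift
import CloudKit

// Hypothetical record type and error type, used only for this example.
let paymentRecordType = "Payment"

enum BackupError: Error {
    case encryptedFieldsUnavailable
    case saveFailed
}

/// Builds a record that keeps the sensitive payload out of plain fields.
func makePaymentRecord(id: String, createdAt: Date, payload: Data) throws -> CKRecord {
    // encryptedValues needs iOS 15 / macOS 12. On older systems, fail instead of
    // silently writing the payload to a plain field.
    guard #available(iOS 15.0, macOS 12.0, *) else {
        throw BackupError.encryptedFieldsUnavailable
    }
    let record = CKRecord(recordType: paymentRecordType,
                          recordID: CKRecord.ID(recordName: id))

    // Plain field: encrypted in transit and on the server only, so it holds
    // nothing sensitive.
    record["createdAt"] = createdAt

    // Encrypted field: the category the Apple text quoted in this thread lists
    // as end-to-end encrypted under Advanced Data Protection.
    record.encryptedValues["payload"] = payload
    return record
}

/// Reads the payload back; returns nil if the field is absent or unsupported.
func payload(from record: CKRecord) -> Data? {
    guard #available(iOS 15.0, macOS 12.0, *) else { return nil }
    return record.encryptedValues["payload"] as? Data
}

/// Saves the record to the user's private database.
func save(_ record: CKRecord, completion: @escaping (Result<CKRecord, Error>) -> Void) {
    CKContainer.default().privateCloudDatabase.save(record) { saved, error in
        if let saved = saved {
            completion(.success(saved))
        } else {
            completion(.failure(error ?? BackupError.saveFailed))
        }
    }
}
```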

tanx commented 1 year ago

Hey @robbiehanson, thanks for testing this. I'm looking into CKRecord.encryptedValues as well for backing up the seed...

> Before enabling Advanced Data Protection:
>
> I can see my data within the CloudKit Dashboard. That is, from the dashboard I can select "Act as iCloud account" and then log in using any of my developer accounts to view the associated CloudKit data (for the Phoenix app).

Can you confirm that values stored with CKRecord.encryptedValues are visible in the iCloud Dashboard in this case? Since a vast majority of users keep default settings as is. The way I read the docs is that enabling advanced data protection by the user is not required. But rather that it would just toggle usage of the API by Apple's in-house apps (Notes, Photos, ...):

https://support.apple.com/guide/security/icloud-encryption-sec3cac31735/web
https://developer.apple.com/documentation/cloudkit/encrypting_user_data
https://github.com/apple/sample-cloudkit-encryption

> Further, there is no API to determine whether or not the user has Advanced Data Protection enabled.

That is also my concern with CloudKit or iCloud Keychain if they both rely on user settings :/