Open rmueller83 opened 2 years ago
FreeOTP tokens are stored securely in the iOS keychain; Apple security guides state only encrypted backups can contain keychain items.
Some links for reference:
https://developer.apple.com/documentation/security/keychain_services/keychain_items/restricting_keychain_item_accessibility
https://developer.apple.com/documentation/security/ksecattraccessibleafterfirstunlock
https://support.apple.com/guide/security/keychain-data-protection-secb0694df1a/1/web/1
Ok, so if I understand it correctly, it is Apple's fault for a) not detecting that the filesystem of the backup machine is already encrypted and b) not telling the user that important data is missing from the backup if that checkbox is not selected? (And this affects many more apps than only FreeOTP?)
Today I made an unencrypted backup from my iPhone X on my MacBook since my SSD is already encrypted, so there is no need for additionally encrypting the backup. When I restored my backup to a new iPhone 13, all my FreeOTP tokens were gone. The mandatory encryption of backups should only be active for cloud-based backups. The description of the macOS encryption checkbox (screenshot at https://support.apple.com/en-us/HT205220 ) says: "Encrypted backups PROTECT passwords" and not "Encrypted backups EXPORT passwords" or something like this. So it is wrong to omit this data from the backup.