twofas / 2fas-ios

Source code for 2FAS iOS app
GNU General Public License v3.0

iCloud encryption #43

Open BenjaminMichaelis opened 1 year ago

BenjaminMichaelis commented 1 year ago

I would love it if the backups to iCloud for iOS could be client-side encrypted, as I believe by default it is not e2ee encrypted by Advanced Data Protection even, and also support (https://2fas.com/support/security-privacy/is-2fas-backup-safe/) says there is an ability to set a password and I am not seeing that option on iOS for iCloud backup (only exporting a file I see).

adocyn commented 1 year ago

@BenjaminMichaelis Hi, yes, currently on iOS only the export to file backup is encrypted by custom password. The iCloud backup is encrypted, but using a constant key. We have a plan to add this functionality in future but unfortunately can't get exact timeline for that. If you enable Advanced Data Protection it will additionally encrypt the CloudKit database used by 2FAS https://support.apple.com/en-gb/guide/security/sec973254c5f/web

BenjaminMichaelis commented 1 year ago

> @BenjaminMichaelis Hi, yes, currently on iOS only the export to file backup is encrypted by custom password. The iCloud backup is encrypted, but using a constant key. We have a plan to add this functionality in future but unfortunately can't get exact timeline for that. If you enable Advanced Data Protection it will additionally encrypt the CloudKit database used by 2FAS https://support.apple.com/en-gb/guide/security/sec973254c5f/web

It does use Advanced Data Protection? I don't see the 'encryptedValues' property used anywhere from a quick search through the code base.

adocyn commented 1 year ago

@BenjaminMichaelis You're right, the general docs state that you have to "only enable this feature" but the fields you've mentioned are in the docs and probably used for that exact purpose (the docs are terrible). We'll take a look into that.

BenjaminMichaelis commented 1 year ago

My understanding is the same, that data needs to be stored in the encrypted fields.

"Third-party app data stored in iCloud is always encrypted in transit and on server. When you turn on Advanced Data Protection, third-party app data stored in iCloud Backup and CloudKit encrypted fields and assets are end-to-end encrypted."

https://support.apple.com/en-us/HT202303

"CloudKit Record fields must be explicitly declared as “encrypted” in the container’s schema to be protected, and reading and writing encrypted fields requires the use of dedicated APIs."

https://support.apple.com/en-gb/guide/security/sec973254c5f/web
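
The distinction in the two Apple passages quoted above, as an added Swift example (not code from the 2FAS repository): a value written through the regular `CKRecord` subscript lands in an ordinary field, while a value written through `encryptedValues` lands in an encrypted field. The record type `ServiceEntry`, the field names `name` and `secret`, and the helper functions are hypothetical.

```swift
import CloudKit

// Hypothetical record type and field names, chosen for illustration only.
let recordType = "ServiceEntry"
let sensitiveKeys: Set<String> = ["secret"]

/// Regular field: written through the plain CKRecord subscript.
/// This is the kind of field the quoted Apple text does not list as end-to-end encrypted.
func makePlainRecord(name: String, secret: String) -> CKRecord {
    let record = CKRecord(recordType: recordType)
    record["name"] = name
    record["secret"] = secret
    return record
}

/// Encrypted field: written through the dedicated `encryptedValues` API (iOS 15+).
/// Non-sensitive metadata stays in a regular field.
func makeEncryptedRecord(name: String, secret: String) -> CKRecord {
    let record = CKRecord(recordType: recordType)
    record["name"] = name
    record.encryptedValues["secret"] = secret
    return record
}

/// Reads the secret back through the same dedicated API.
func readSecret(from record: CKRecord) -> String? {
    record.encryptedValues["secret"] as? String
}

/// Audit helper: sensitive keys that were NOT stored via `encryptedValues`.
/// An empty result means every sensitive key went through the encrypted API.
func keysMissingEncryption(in record: CKRecord) -> [String] {
    let encrypted = Set(record.encryptedValues.allKeys())
    return sensitiveKeys.subtracting(encrypted).sorted()
}

// Constructed sample values, not real credentials.
let weak = makePlainRecord(name: "example.com", secret: "JBSWY3DPEHPK3PXP")
let hardened = makeEncryptedRecord(name: "example.com", secret: "JBSWY3DPEHPK3PXP")
print(keysMissingEncryption(in: weak))      // ["secret"]
print(keysMissingEncryption(in: hardened))  // []
print(readSecret(from: hardened) ?? "nil")
```

A check like `keysMissingEncryption` can run in a unit test before any record is saved, so a sensitive key added later through the plain subscript fails the build instead of reaching iCloud.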

valynor commented 11 months ago

Could we get an update/comment on this from the devs, please?

BenjaminMichaelis commented 10 months ago

Any update on this @adocyn?

adocyn commented 10 months ago

Queued for 5.4. Currently 5.3 is in the works.

DannieBGoode commented 7 months ago

I am migrating from Raivo and something I liked from it is that it had iCloud sync but when setting up a new device it still requires you to input a decryption password in order to access your OTPs for the first time.

I am testing 2FAS and I realized that the iCloud backup is saved in plain text in the cloud, so if my iCloud account is compromised the attacker will get instant access to my OTPs.

However when you export manually a backup from the 2FAS app settings, it does allow you to set up an encryption password.

Doing a manual encrypted backup every time you add a new OTP is not very practical.

If this feature is planned, when is it expected approximately?

elliotwutingfeng commented 7 months ago

Is there a technical restriction on the iOS platform that prevents the use of encryption libraries on the client-side to encrypt backups before uploading to iCloud?

DannieBGoode commented 7 months ago

> Is there a technical restriction on the iOS platform that prevents the use of encryption libraries on the client-side to encrypt backups before uploading to iCloud?

There isn't, this is how Raivo does it and they don't seem to have any problem with it.
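
Client-side encryption of a backup with a user password before upload, as discussed in the comments above, sketched as an added Swift example (not code from 2FAS or Raivo). The choice of PBKDF2-HMAC-SHA256 with AES-GCM, the salt length, the iteration count and the blob layout are all assumptions made for this example.

```swift
import Foundation
import CryptoKit
import CommonCrypto

enum BackupCryptoError: Error { case keyDerivation, malformedBlob }

// Assumed parameters for this sketch, not values taken from any app.
let saltLength = 16
let pbkdf2Rounds: UInt32 = 600_000

/// Stretches the backup password into a 256-bit key with PBKDF2-HMAC-SHA256.
func deriveKey(password: String, salt: Data) throws -> SymmetricKey {
    let passwordBytes = password.utf8.map { Int8(bitPattern: $0) }
    let saltBytes = [UInt8](salt)
    var derived = [UInt8](repeating: 0, count: 32)
    let status = CCKeyDerivationPBKDF(
        CCPBKDFAlgorithm(kCCPBKDF2),
        passwordBytes, passwordBytes.count,
        saltBytes, saltBytes.count,
        CCPseudoRandomAlgorithm(kCCPRFHmacAlgSHA256),
        pbkdf2Rounds, &derived, derived.count)
    guard status == Int32(kCCSuccess) else { throw BackupCryptoError.keyDerivation }
    return SymmetricKey(data: derived)
}

/// Returns salt || nonce || ciphertext || tag. Only this blob leaves the device.
func sealBackup(_ plaintext: Data, password: String) throws -> Data {
    let salt = Data((0..<saltLength).map { _ in UInt8.random(in: .min ... .max) })
    let key = try deriveKey(password: password, salt: salt)
    let box = try AES.GCM.seal(plaintext, using: key)  // fresh random nonce per call
    guard let combined = box.combined else { throw BackupCryptoError.malformedBlob }
    return salt + combined
}

/// Reverses sealBackup; throws if the password is wrong or the blob was modified.
func openBackup(_ blob: Data, password: String) throws -> Data {
    guard blob.count > saltLength else { throw BackupCryptoError.malformedBlob }
    let key = try deriveKey(password: password, salt: Data(blob.prefix(saltLength)))
    let box = try AES.GCM.SealedBox(combined: Data(blob.dropFirst(saltLength)))
    return try AES.GCM.open(box, using: key)
}

// Constructed sample backup, not a real export format.
let sample = Data(#"{"services":[{"name":"example.com","secret":"JBSWY3DPEHPK3PXP"}]}"#.utf8)
let blob = try sealBackup(sample, password: "correct horse battery staple")
let restored = try openBackup(blob, password: "correct horse battery staple")
print(restored == sample)                                        // true
print((try? openBackup(blob, password: "wrong password")) == nil) // true
```

With this layout the cloud provider only ever stores the sealed blob, and a new device needs the password to open it, which is the first-run behaviour described for Raivo above.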

Penguinjumper commented 5 months ago

> Queued for 5.4. Currently 5.3 is in the works.

Very excited for this. Might even make the recommendation on Privacyguides possible. (https://discuss.privacyguides.net/t/add-2fas-authenticator-app/12958/56)

chrisbchrisb commented 4 months ago

Very excited indeed. Just had a discussion on Discord. It is the only issue missing before I can recommend the app without reservation. Any updates @adocyn? And will there also be a possibility to optionally set a custom password for the cloud backup, as users can do with the file export?

bhall7 commented 4 months ago

@DannieBGoode, yes! The ability to add a user password like Raivo would make me feel a little better about iCloud syncing in 2FAS. 🤞

huyz commented 3 months ago

When is 5.4 coming out? Just wanted to note that this issue is a blocker for my even trying 2FAS out. At the very least, Advanced Data Protection should work.

DjKilla2 commented 3 months ago

It's been a while since there's been an update on this issue. Is this still being planned for the 5.4 update? I too have migrated recently from Authy to Ente Auth which has E2EE end-to-end encrypted cloud backups and is recommended by both Privacy Guides and Techlore. My understanding is that once this issue is fixed, 2FAS will join the elite ranks of both Privacy Guides and Techlore which many apps have tried to be a part of but few have made it. I'm still hoping this fix is being worked on as this is what is keeping me from using 2FAS as well. Anyway, hope to hear an update soon!

bvwpo commented 2 months ago

@huyz

> When is 5.4 coming out? Just wanted to note that this issue is a blocker for my even trying 2FAS out. At the very least, Advanced Data Protection should work.

FYI, iCloud sync option is off by default. So you can try 2FAS now without worrying about this ADP issue, since all your data will be stored locally on your phone. Only if you turn on backup/sync it will use iCloud, and that's when ADP is needed.

huyz commented 2 months ago

> So you can try 2FAS now without worrying about this ADP issue, since all your data will be stored locally on your phone.

Thanks for that, but I still wouldn't try a solution without encrypted backups because I have no idea how long I would have to wait to have a feasible solution.

bvwpo commented 2 months ago

> Thanks for that, but I still wouldn't try a solution without encrypted backups because I have no idea how long I would have to wait to have a feasible solution.

I’m in the same boat; only testing it with a few fake TOTPs now. I’m waiting for this feature to be implemented before moving my real accounts over.

adocyn commented 1 month ago

Hi, no updates yet. We're experimenting with different solutions because such a change is a major redesign of the iCloud storage. So it should be done once and correctly 🙂