1 upvotes, 1 direct replies (showing 1)
View submission: How to keep your Reddit account safe
Default iPhone backups go to the cloud, right?
Comment by obrienmustsuffer at 07/05/2019 at 15:10 UTC
2 upvotes, 0 direct replies
I don't know whether iCloud backups are enabled by default, but that doesn't matter anyways. AFAIK, when backing up to iCloud, keychain entries are always encrypted with a device key stored on the iPhone. So you can restore an iCloud backup onto the same phone and preserve all secrets, but you're guaranteed to lose them when you restore onto another phone.
The only way to copy the secrets intact is by using an encrypted iTunes backup. The iPhone will then decrypt the secrets with its built-in device key, and re-encrypt them with the iTunes backup password. Apps can opt out from this kind of backup by setting a "this device only" flag on keychain entries, which will ensure that secrets cannot leave the device altogether.