Despite Apple taking a pro-encryption stance, with its CEO Tim Cook insisting that iMessages are safely encrypted, it turns out that if users backup data using iCloud Backup, they need to be aware that, although Apple stores the backup in encrypted form, it uses its own key.
Motherboard has reported that if a user enables iCloud Backup on their Apple device, copies of all messages, photographs and data including iMessages are encrypted on iCloud using a key controlled by Apple and not the user.
This allows Apple and by extension anyone who breaks into their account, to see all personal and confidential data. Apple allows users to switch off iCloud Backup whenever they want, but it doesn't offer a way to locally encrypt iCloud backups that would allow the company to store the personal data on its servers but not access it.
It is worth noting that it is possible to do encrypted non-cloud backups locally through iTunes, but the fact that when you setup a new iPhone it asks you to log in with iCloud should show the heavy reliance Apple has on cloud services, and exactly the reason why users should think twice before backing up to Apple's Cloud, says Motherboard's Joshua Kopstein.