Hey so since @dhh has just reminded me of all the ways Apple deceives us into thinking their products are secure, I’d just like to compile my thoughts on all the ways backdoors currently exist within iOS:

Apple saves your call logs to the cloud unless you turn off iCloud Drive (not iCloud backups): https://twitter.com/noahsbwilliams/status/1349627085925433344

(so, uhh): https://twitter.com/noahsbwilliams/status/1349627362971844610

Apple stores a copy of your iMessage encryption keys in the cloud unless you turn off iCloud Backups entirely: https://twitter.com/dhh/status/1349622435516215298

The default length of an iOS passcode which you’re prompted to setup out of the box is six digits, which is laughably easy to brute force.

So, without rate limiting, your passcode means jack…

This means, that if at ANY time Apple decides hand over the signing keys to iOS to a third party (or someone steals them) they can install a malicious version of iOS on your phone that disables rate limiting and lets someone brute force your passcode.

So the only real defense against a physical threat is to set a strong alphanumeric passcode and power off the phone.

Also, you can’t even request to disable server side logging of Siri commands without putting your phone in supervised mode...