There is a similar annoying problem.
Any time I backup my iPhone to my MacBook via the Finder or via iMazing the following message appears on the iPhone
Trust This Computer?
Enter passcode to trust this computer
and start a backup.
meaning that I trust my MacBook only this one time, and have to repeat the trust statement again and again.
This has an additional negative consequence: automatic backups via iMazing are no longer possible,
Yes! We wrote about that a while back.
Interesting. I thought Iâd gotten them more frequently than every restart or logout, but when I explicitly tested sleeping, I didnât get the dialogs. I wonder if thereâs something else combined with sleep that triggers them.
The issue with iPhone backups carries another security weakness that Iâve not seen mentioned before. When you manually request a backup from your Mac, or if you have it set up for automatic backups to your Mac (which is still possible to do with iMazingâyou just have to enter the passcode every time), youâll get the passcode pop-upâwithout anything identifying the computer requesting the backup.
That is, it asks you if you trust an unnamed, unspecified computer thatâs requesting a backup. Am I the only one who can see ways for this to go very wrong?
It shouldnât bother me for wired backups; after all, Iâm going to be sitting at the computer, and I can see the USB cable connecting the device to my Mac. But the pop-up is identical for wired and wireless backups, and does not indicate which the request is.
This means that, in theory, if a bad actor in or near your household or office was able to associate your iPhone with their computer, itâs conceivable that they could time a wireless backup request from their Mac to whenever youâre about to do a wired backup to your own Mac. As long as they donât jump the gun, the timing doesnât have to be perfect, as it can take up to several seconds for the prompt to appear on the device. Since the pop-up doesnât indicate the requesting computer or the manner in which the backup is to be conducted, you have nothing to alert you that this request is not your own.
While I have trust that Appleâs security measures would make this kind of interception difficult, I donât trust that itâs impossible or even impractical to attempt. The data thief could be an obnoxious roommate, a partner who suspects you of cheating, a business colleague who wants to sabotage you, or any number of other close-to-you people. If youâre an âimportant personâ, the data on your phone might be worth an outsider specifically targeting in this manner.
You also have no assurance that the pop-up is genuine. There is nothing about it that canât be replicated by an app. So instead of raw data theft, the culprit could just be after your passcode. Granted, this is a bit less likely, because it requires the perpetrator to know when you have automatic backups scheduled, which even social engineering might find tricky. But itâs not outside of the realm of possibility, especially for a person close to you, like those I mentioned above.
Iâll grant this this may seem like an unlikely possibility altogether, cybersecurity concerns shouldnât be limited to only the probable. The improbable is attempted more often than most people would think. What matters isnât so much the probability of the method succeeding as it is the motivation someone else has to mess with you.
Apple could easily alleviate this concern by adjusting the passcode prompt to give the name of the computer requesting a backup and whether itâs wired or wireless. That data should already be received by the device as part of the backup request, so thereâs no real reason it canât be shared with the user. While it wouldnât eliminate the possibility of this kind of attack happening, it would add steps to the attack that would deter some from trying it.
Iâm perpetually debating deleting iMazing given this nuisance.
IMazing is only following Apple backup procedures. I donât thing they like the requirement anymore than we do. I do agree that too much security layers leads people to not bother at all.
Iâve mitigated the issue somewhat by setting iMazing to request backups from both my iPhone and my iPad with a âpreferred timeframeâ (which is set under Options â Automatic Backups, at least on iMazing 2). The time frames I set are ones when I typically expect to be actively using each device. It mainly keeps it from trying to do backups in the middle of the night and failing because I canât enter the passcode while Iâm asleep, which has the additional aggravation of switching from the alarm clock display I use overnight to the lock screen when the passcode request times out. (With an iPhone 12 Pro Max, Standby mode isnât particularly useful to me for this, because the screen wonât stay on. The alarm clock app I use has a specific option to keep the screen on while connected to a charger.)
It doesnât completely remove the annoyance, but it makes it easier to deal with. It also does nothing about the security risk inherent in such a repeated authorization request.
Oh Iâm fully aware. Itâs a measure of the experience that I debate it every time. When choosing to not back up out of expedience turns into âwhy do I use this app?â
Iâve been tempted by that for some time.
Yes, well I flipped the bozo bit on Apple when they introduced this âfeatureâ. Itâs simply indefensible, particularly given the way encrypted iPhone backups actually work. Unfortunately I doubt thereâs enough momentum for anything like a class action suit, because local backups are just not done any more (itâs actually more likely that people will simply turn iCloud backups off to save cost and iCloud storage space and have no backup). As Iâve recently switched back to local backups to save on the unjustifiable cost of iCloud storage, Iâm confronted with the prompts very regularly. It is hard to imagine Apple compromising the user experience so thoroughly by choice, yet here we are. It is not only very, very annoying, essentially unusable, but difficult to see how the responsible people at Apple could have thought it would lead to any conclusion in the minds of their users other than that Apple were simply grubbing for iCloud revenue in the most underhanded way imaginable. Very sad.
I used vocr, and I thought it was a bug that I was constantly being asked for screen recording permission, too. The utility is really at its most useful when itâs started at boot. I sincerely hope Apple do not advance with this misfeature, at least not as the default.
I have often thought that the only way to solve a problem like different types of users is simply to ask, when the user first sets up their device, what sort of user they are. Would they like Apple to assume all the risk, and make all the important choices for them, which would include being restricted to the Mac App Store, with default permissions blessed by Apple? Or would the user like all the choice and control, with all the attendant permissions dialogs, and the risk of making mistakes? I know it wouldnât be âPCâ (sorry, pun not intended) but itâs surely preferable to the present situation.
A post was merged into an existing topic: macOS 15 Sequoiaâs Excessive Permissions Prompts Will Hurt Security
This has always baffled me. I want my backups to be complete. iCloud backups of iDevices do not include any of the more sensitive data, such as passwords. The only way to get a complete backup is local. (And even thatâs not truly complete, as apps are not backed up, and even iMazing appears to no longer have the ability to archive iPhone/iPad apps. So any apps not currently downloadable from the App Store are lost if you do a total restore or reset.) My local backups are part of my Backblaze backups, so they still get a cloud backup.
Yes they do. iCloud backups are complete backups of iPhones and iPads - the only data that doesnât back up are items that sync with a service, which includes messages (if you have messages in iCloud turned on), contacts (if you sync them with iCloud or another service).
Unfortunately I still rely on local syncing of audiobooks, so iCloud backups can never be a complete solution for me. Regardless there are some subtle differences which mostly affect you if you are not using iCloud Keychain and you are transferring between devices. If youâre all in with the end-to-end-encrypted features, those are basically insubstantial (but still less preferable to a device-device direct transfer).
Huh. It looks like if you set it up directly from the device, it now does claim to back up everything, but it didnât used to be this way when they introduced iCloud Backup, and Iâve not before seen anything indicating that had changed. If I try to set it up from my Mac (running Big Sur), the options are âBack up your most important data on your iPhone to iCloudâ and âBack up all the data on your iPhone to this Macâ. Has the options shown on the Mac changed since Big Sur?
That still isnât sufficient for me, though. I have a 256GB iPhone. Since itâs not full, in theory 200GB ought to be enough, but thatâs $3 a month that I donât need to spend when I can back up to my Mac for free and back up the backups to Backblaze (with unlimited storage) with all the other data from my Mac. And I still wish I could back up apps without relying on continued access from the App Store.
Is this new with version 3? Iâm using version 2.17.18 (17697) and I have multiple versions of apps in my iMazing folder. (Or did you mean something else?)
On a tangentially related note, my iMazing folder contains a folder called Apps and a folder called iMazing.Apps. I could find nothing in the iMazing guides that mentioned them. Does anyone know why there are two such folders and what the difference is? They both contain .ipa files.
On a second tangentially related note, iMazing deleted all my saved apps a while back. I think it was after I logged out of one Apple ID and logged in with another. (Unfortunately for me, I downloaded apps using two different IDs before I understood the ramifications.) Would logging out of an Apple ID (or logging in with a different Apple ID) cause iMazing to delete all its saved apps?
For the iPhone backup prompt, we already know why this happens . iMazing suggests a workaround but if Apple hasnât done it yet, they likely wonât. My guess is that the last thing Apple wants is to read future stories of vast amounts of data stolen from unencrypted iPhone backups because of this potential security issue, so I understand why theyâve changed this. But I donât think itâs a cynical attempt to get people to buy more iCloud storage.
Honestly a dollar to three dollars a month is, to me, well worth the flexibility of always having my most recent backup available anywhere I can get internet connectivity on my phone. (I do spend more than that but I also share storage space and other AppleOne services with the family.) It still brings back the head-scratcher that Apple wonât increase the free tier of iCloud to larger than 5 GB, nor add more storage tiers between 200 GB and 2 TB, but a potential (and easy) workaround is simply to not count iCloud backup data toward the storage limit. Basically let people have enough storage when they buy an iPhone (and/or iPad) to back it up as well as at least 5 GB for synced data.
Thatâs entirely beside the point. The suggestion iMazing makes is to only require such incessant password re-entry for unencrypted backups.
âWe believe a more elegant solution would be to ask the user to enter the device passcode only when backup encryption is disabled for the device.â
All of us who have our backups encrypted would be asked only once per trusted host and then never again. Apple wouldnât have to worry about bad press and the fanbois wouldnât have to lose sleep over poor little Apple potentially getting bad press. Everybody would get their choice and be happy. But nooo. This is an aggravating nuisance and Apple deserves all the bashing it can get for it. That it can be seen as a cheap ploy to once more push folks iCloud instead where they get to pay Apple once more on top of the massive $$$ people already pay for their excessively priced hardware just adds insult to injury. No wonder users are livid. Perhaps that is the price of Appleâs greed. Iâm sure they couldnât care less these days. New leadership is needed.
Okay, it appears to actually be working again (in iMazing 2.17.18). For a period (sometime before I upgraded my iPhone to iOS 17, but Iâm not sure how far back exactly), the option âCopy to Macâ for Apps was inactive for me. Now itâs active again. I donât check these things frequently, primarily because I simply donât have time to keep rechecking oddities in software that donât affect my daily activity. I keep a list when I encounter one thatâs bothersome, but I gave up rechecking them a long time ago, because my experience is that unless thereâs a statement in the release notes regarding such an issue, or a direct response from support about it, the odds of it working correctly again are pretty low.
Time to add âback up iDevice appsâ to my to-do list.
I agree with your post, Norbert. Thereâs not even a dialog box on a Mac that says something like âCheck your iPhoneâ or, at the very least, a tone generated by the phone that would draw your attention.
If this were the only annoying thing Apple did. They use two-factor authentication for their discussion groups and the always trust this computer never sticks. Itâs a discussion group not my bank account.
Frequently when I put my iPhone into my computer Apple asks if I trust this phone or computer or some such. Come on itâs the same computer and iPhone (both made by Apple) that Iâve had for more than two years. Donât get me started. Oh, I already have.