Several people have emailed or commented on Hacker News about this ‘experiment’, so let me spell out exactly what I did and what it indicates to me.
1. Backed up my iPhone to iCloud using the “Backup Now” feature.
2. Shut down my phone.
3. Set a new password using only a recovery email address.
4. Purchased a brand new iPhone from the Apple store.
5. Visited an AT&T store to obtain a brand new SIM.
6. Entered my new iCloud password into the device and told it to recover the latest backup.
Ben Franklin flying kites in a thunderstorm this is not.
Note that from step (3) onward I had no access to my device or my original iCloud password. This information was completely gone. At the end of the ‘test’ I had access to all of the iMessages that had been logged in my old phone — some of them actually going back months.
To resolve what this means: following step (2) I had no further access to my phone. Any cryptographic keys it may contain were unavailable and offline. Similarly I had no further access to my original iCloud password — although I remembered it, I simply never entered it again. I can’t see how this could function as an encryption key.
And one more note: I sent myself an iMessage from a different device after step (2) and it didn’t arrive. This indicates to me that stored messages are on iCloud servers, not the iMessage servers themselves.