-
Notifications
You must be signed in to change notification settings - Fork 501
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
What is being backed up to iCloud? #5498
What is being backed up to iCloud? #5498
Comments
This looks like a thinko; we shouldn't be storing anything in iCloud backup. |
@aaronraimist thanks for creating the report following my questions on the Matrix channel 🎩 First of all, I would like to thank the Element (and Matrix) teams for the awesome project they have created and all the effort they have put into it. Back to the ticket: Given the core values of Matrix and Element, I fully trust the app not to share any data with iCloud (unless explicitly requested by the user). Unfortunately I did not have the needed equip to do actual debugging, so I only did a few user-level tests. I created a E2EE room with only myself and the (just created) iOS user and shared one high res video and about 10 pictures. While running the experiment, I checked the iCloud storage overview in the Settings app on the iOS device and noticed that the iCloud data for Element kept increasing, as I sent more messages. After sending the 10pics and the video, the Element iCloud backup was about 2MB (if I remember correctly). Disclaimer: I am a developer/tinkerer, but no background on iOS :-) I would like to propose the creation of a document which would provide info on:
I will be happy to contribute to this effort as I can, toddler allowing :) Thanks again for all your effort on this project! |
Great! Thanks for working on this with high prio! :) |
Hi @Anderas, thanks a lot for working on this! I saw some of your comments to the PR which seemed to imply further changes might be needed to fully resolve this (e.g. the comments related to the application container). Could you confirm whether the issue is fully or partially fixed? Regarding documentation: would you guys like to have a separate issue to track updating the official documentation, as proposed above? Regarding testing: are you planning to add tests to ensure there are no regressions on this and all files are excluded from iCloud? Thanks again! :) |
Hi @faenil . Thank you for raising this issue to begin with. You are right that this hasn't yet been completed (but was rather autoclosed by the first PR), I've reopened it now. I am going to raise a PR against the main app that integrates the blanket exclusion of all folders. As Element, we do not aim to store anything in iCloud at all, so in that regard documentation of what is being stored should not be necessary. Tests are also feasable as we can launch the app and ensure attributes are set correctly on all key folders. This will be a part of the PR against the app. |
@faenil you can check the app-side PR. When testing this on a device, local backups did not contain any data at all, however iCloud still reports some small amount of kbs. On my device this was around 200kb, less than signal. Local and iCloud backups should be identical, so believe this disparity is something on the Apple side, and not containing any Element data. I created a separate issue to look into this, but it has a much lower priority than the one you reported. |
Hi @Anderas, thanks for the update! It's great to see real progress on this. It is very appreciated! :) 🚀
While this is great to hear, I believe it would be beneficial for this to be part of the official documentation as an official statement/promise 😅 Thanks for the link. The PR description seems to imply the task is not fully implemented, as any file created during the first app execution will be backed up to iCloud, including potentially sensitive data (if I understood correctly, the exhaustive list of files that were previously being backed up is not known) Quote the PR description:
Thanks again! |
Hi @Anderas just wanted to report that this fix is missing from the most recent release notes :) |
The change was merged after the creation of the latest RC, so will be a part of the next release, change entry here. As to your earlier query:
This would only affect files we do not explicitly exclude, which is mostly files whose lifecycle we do not directly control ( |
Oh I see, it was not included in the 1.8.1 branch. Thanks.
I appreciate the explanation. I am still not really sure what data exactly will be uploaded to iCloud after this patch :D For instance, what is Element iOS storing in I think the whole community of users would benefit from a document that explains how Element iOS handles iCloud backup and possible issues that might arise in case of bugs. I think there is great value in ensuring those risks are known to the more privacy-oriented users :) As you mentioned, if there is a regression and someone forgets to exclude a newly added folder, that would end up on iCloud, at least until the application is started again and the fallback logic marks those folders as excluded.
By having a document that explains what data is being stored on disk by the client and the risks related to that data being uploaded to iCloud, everyone would be able to make an informed decision based on their personal situation.
I do appreciate it is a non-trivial situation. Something along the lines of:
Would you agree that would be helpful? :) |
Hi @faenil - agreed that we should have a "Here is a list of the data that gets stored in iCloud, if backup is enabled" section in the readme, once the fixed behaviour is released. |
Awesome! Thanks @ara4n! Feel free to close it if you'd rather keep this one open until that is completed 👍 |
@faenil:matrix.org
noticed this a few days ago https://matrix.to/#/!pMBteVpcoJRdCJxDmn:matrix.org/$oJZGCUKoKELfzzljZ5Liq3PxQ8h9Qx-vybxdp6oLKwg?via=matrix.org&via=privacytools.io&via=tchncs.deSteps to reproduce
Outcome
What did you expect?
Element iOS shouldn't be backing up message contents, encryption keys, or media since to iCloud Backup since it is not end-to-end encrypted https://support.apple.com/en-us/HT202303
Alternatively if does backup things to iCloud, it should be encrypted by the app before it is backed up. I'm not sure what there would be to backup to iCloud though considering Matrix already has it's own key backup feature and the homeserver should be storing all of the other stuff.
What happened instead?
Element iOS has backed up a somewhat large amount of data. For me it was 58 MB.
I then sent a 6 MB image in an encrypted room and backed up to iCloud again. The backup increased to 88 MB.
I'm not sure what exactly is being backed up but I searched the repos for https://developer.apple.com/documentation/foundation/urlresourcekey/1408756-isexcludedfrombackupkey and didn't see anything marked as being excluded from backups. I'm guessing this means everything stored locally is being backed up.
For comparison my Signal iCloud Backup is only 300KB. It looks like they have excluded most stuff from being backed up signalapp/Signal-iOS@fb0281f.
Your phone model
No response
Operating system version
15.3
Application version
1.7.0
Homeserver
No response
Will you send logs?
No
The text was updated successfully, but these errors were encountered: