iCloud data is stored in an encrypted format, but Apple holds the keys to the server-side encryption (not for your device). That's the main concern. We need to move to a model where only the user holds the keys. That requires a completely different architecture, and opens a big can of worms if users were to lose their devices, etc. They'd also lose their data on the server-side.
As a system administrator, I have great admiration for the sheer complexity of what Apple is managing with iCloud. It works extremely well in general practice. These companies and organizations that attempt to break encryption and gain access to data only manage to make Apple look incompetent in the average joe's eyes, but they are not. This is just highly complex stuff and it will always be a cat-and-mouse game.
[doublepost=1563653731][/doublepost]
Let's clear up a few things.
- Messages/iMessage supports full end-to-end encryption. This is known. It's only when you begin using iMessage in iCloud that the level of protection becomes weakened because now the server needs to participate in the messaging, too. It's essentially another participant that needs to hold the keys to the conversations.
- All data is fully encrypted on iCloud servers, and encrypted connections are used between all devices (Macs, iPhones, etc.).
- The issue is that Apple holds the keys to the data stored on iCloud servers, allowing them to de-crypt it at will. The data is still encrypted, though. It's not sitting there in plain-text, readable format. That would be asinine and very irresponsible of Apple.