For all Apple's faults, they're pretty open about how their Secure Enclave works. I think they consider privacy to be a key differentiator, particularly when compared to Android and Windows. You can see this in how they didn't open a phone even given an FBI request.
This personally identifying data is forever one forced update away from abuse. The fact that it's "normal" to take such a risk for such a minor convenience does not mean that it's a good idea.
But I recognize that not everyone is so paranoid. Though in the current political climate, where corporations are clearly choosing sides, you probably should be.
I don't think you understand what the HSM does. By design, the HSM's secret keys cannot be extracted. Not by the physical possessor of the HSM, nor the manufacturer, nor designer. That is the whole point of using an HSM for this. A subpoena cannot compel the impossible.
Nearly all HSMs that store an arbitrary number of keys can be compelled to dump those keys via a special firmware update from the manufacturer of the HSM, or at very least remove checks to allow it to be used as a decryption oracle.
Apple was able to say no, because they weren't in physical possession of the HSM, which meant that they couldn't be subpoenaed for information that wasn't actually in their possession, but a judge wouldn't look as highly on Google's case.
The firmware on these chips erases the keys before applying firmware updates. I encourage you to read the detailed information available rather than just making assumptions about it, or even just the short blog post I linked which states this explicitly.
In the San Bernardino case the FBI had physical possession of the HSM, so Apple could have attacked it physically. That's not related to the reasons why the FBI gave up on that case.
> The firmware on these chips erases the keys before firmware updates. I encourage you to read the detailed information available rather than just making assumptions about it, or even just the short blog post I linked which states this explicitly.
I read the blog post _and_ the third party security audit. The audit only documents that rogue actors within Google would leave an attestation trail if they tried to push malicious firmware and would be noticed by Google proper. My concern isn't rogue actors but Google itself. Additionally, the Titan chip in my Pixel has received firmware updates without wiping its storage.
> In the San Bernardino case the FBI had physical possession of the HSM, so Apple could have attacked it physically. That's not related to the reasons why the FBI gave up on that case.
Right, so the legal distinction between "we want a piece of information in your possession that you have decided to lock from yourself" versus "we want your help receiving information that we have in our possession but can't access" is a very very big difference from a warrant perspective.
The audit report does not explicitly state that the keys are erased on firmware update, but malicious firmware updates were specifically in scope for the audit, and this specific attack was not raised as an issue, and the blog post explains why. The Titan chip in your Pixel is not running the mentioned custom firmware that erases the keys on update (and malicious firmware updates to the HSM in the phone were not in scope for the audit).
It is not at all clear that the FBI would have lost if they had continued to pursue Apple in the San Bernardino case. The distinction you are drawing is not as clear cut as you think it is.
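As an added illustration of the design point argued in this thread (keys zeroized before a firmware update is applied, versus keys retained across updates) and of the attestation trail an update leaves, here is a toy Python model. It is not Google's or Apple's code and does not describe any real Titan or Secure Enclave firmware; the firmware names, the HMAC-based stand-in for the vendor signature, and the "oracle" key-export command are constructed assumptions for the simulation.

```python
"""Toy model of a key-holding secure element under two firmware-update policies.

Constructed example for illustration only. It contrasts a device that wipes its
keys before accepting any vendor-signed firmware with one that keeps them, and
records an attestation log of which firmware images were loaded.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

# Constructed stand-in for the manufacturer's firmware-signing key (assumption).
VENDOR_SIGNING_KEY = b"constructed-vendor-signing-key"


def sign_firmware(image: bytes) -> bytes:
    """Vendor 'signature' over a firmware image, modelled with HMAC-SHA256."""
    return hmac.new(VENDOR_SIGNING_KEY, image, hashlib.sha256).digest()


@dataclass
class Firmware:
    name: str
    image: bytes
    signature: bytes
    exposes_keys: bool  # True if the image carries a key-export / oracle command


def build_firmware(name: str, exposes_keys: bool, signed: bool = True) -> Firmware:
    """Construct a firmware image; an unsigned image gets a bogus signature."""
    image = f"{name}:exposes_keys={exposes_keys}".encode()
    sig = sign_firmware(image) if signed else bytes(32)
    return Firmware(name, image, sig, exposes_keys)


@dataclass
class SecureElement:
    wipe_on_update: bool
    firmware: Firmware
    keys: dict = field(default_factory=dict)
    attestation_log: list = field(default_factory=list)

    def generate_key(self, label: str) -> None:
        """Generate a key that never leaves the device through normal commands."""
        self.keys[label] = secrets.token_bytes(32)

    def apply_update(self, fw: Firmware) -> None:
        """Accept only vendor-signed images; optionally zeroize keys first.

        Every accepted update is appended to the attestation log, so even a
        device that wipes still records that a different image was loaded.
        """
        if not hmac.compare_digest(sign_firmware(fw.image), fw.signature):
            raise ValueError("update rejected: bad vendor signature")
        if self.wipe_on_update:
            self.keys.clear()  # zeroize before the new image ever runs
        self.firmware = fw
        self.attestation_log.append((fw.name, hashlib.sha256(fw.image).hexdigest()))

    def export_keys(self) -> dict:
        """Only firmware that ships an export command can read the key store."""
        if not self.firmware.exposes_keys:
            raise PermissionError("running firmware has no key-export command")
        return dict(self.keys)


def simulate_compelled_update(wipe_on_update: bool) -> dict:
    """Load production firmware, create a key, then load a vendor-signed
    image that adds an export command. Returns how many keys that image can
    recover and the attestation log left behind."""
    dev = SecureElement(wipe_on_update, build_firmware("v1-production", False))
    dev.generate_key("backup-kek")
    try:
        dev.export_keys()  # production firmware refuses
    except PermissionError:
        pass
    dev.apply_update(build_firmware("v2-vendor-signed-oracle", True))
    return {"recoverable_keys": len(dev.export_keys()),
            "attestation_log": list(dev.attestation_log)}


def unsigned_update_rejected() -> bool:
    """A non-vendor image cannot be loaded at all, under either policy."""
    dev = SecureElement(False, build_firmware("v1-production", False))
    try:
        dev.apply_update(build_firmware("v2-unsigned-oracle", True, signed=False))
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    for wipe in (True, False):
        print(f"wipe_on_update={wipe}:", simulate_compelled_update(wipe))
    print("unsigned update rejected:", unsigned_update_rejected())
```

The wiping device yields zero keys to the later image while still logging that a second image was loaded; the non-wiping device hands over everything to any image the vendor is willing to sign, which is the gap the thread is arguing about. Only the signature check stands between the manufacturer and the keys on the second model.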
When a core piece of their security model isn't backed up by the third party audit that they literally are presenting as "don't trust us, we have an audit covering this" (and the auditors did look at how Google protects against malicious firmware updates, hence their attestation comments), _and_ when that would leave them unable to update these modules without wiping everyone's backups, _and_ the auditors found security bugs that required a firmware update, _and_ literally the same chips are updated without wiping when facing a threat model that has a better argument for wipes on update, I'm sorry, I just don't believe the blog post.
Bringing this back to the original point though, just using an HSM doesn't automatically mean that the manufacturer of the HSM can't access the keys.