"The company says the data extraction process itself can only be performed on devices in "good working order" at its Cupertino, California headquarters. "
I'm assuming they have to crack the encryption there. Or at least hoping.
The encryption cannot be _cracked_. The only chance to get into a newish iOS device is to guess the passkey. Only software that is signed by Apple can access the hardware bits that would try a passkey. For example, if you enter your passcode 1234 then the code that runs is software signed by Apple which sends it to the hardware to try out (and can lock you out if you try too often). Apple can create a different version of that software that tries keys as quickly as possible _and sign it_. If you or the NSA wrote that kind of software, you couldn't sign it with Apple's keys and therefore it wouldn't work. Checking keys takes about 100ms per key and requires the iOS device to work, so the NSA cannot do that using a dozen supercomputers.
----------
Thanks a lot, it's very interesting.
But I read that iOS 7 has Data Protection enabled by default for all applications, even for those not natively supporting it by the developer.
So I thought Data Protection in iOS 7 was the equivalent of FileVault 2 in OS X.
Now I'm very confused...
Don't jailbreak your phone
----------
How is it possible?
The file system is encrypted with AES 256 on code-locked iPhones, isn't it?
If the iPhone is locked with 4 digits there is no problem for a brute force attack.
But what if it is locked by a strong password?
How can Apple decrypt AES 256 data?
Is there any kind of backdoor?
Apple (and nobody but Apple) can try out passcodes at a rate of about 10 per second. Without you typing them in. 8 digits + letters is about uncrackable. For four digits, the police have to give Apple your phone and a search warrant. It should be obvious that it is possible to read the data without cracking AES, because that happens every time _you_ enter your passcode.
----------
Careful, some of those (like the second one) are for iOS 7's "frequent locations" feature that you can easily opt out of in the settings. That's different from the other, pre-iOS 7 news where it was revealed that locations were secretly saved to a plain text file and synced to the computer.
Not "secretly saved". Apple has a database of cell tower and WiFi hotspot locations that is used to determine your location, and part of that got stored on your phone so you can reuse it without downloading it again. And backup backed up your phone. There was nothing "secret" about it. You should use encrypted backups anyway, which is just a switch in the iTunes user interface. So this feature is turned off now, and your 3G data bill will go up a bit.
----------
The accusation was that Apple was sending this data to servers, but no evidence of that was found.
That accusation was obviously made, but it was stupid beyond ridiculous. The data that was found _came from Apple's servers_. There was no need to send it to Apple's servers, because Apple always had that data. Here's what happens:
You are in some unknown place. You want to know where you are. You ask your iPad or iPod Touch without GPS, or phone with no GPS reception. The device spots a WiFi hotspot or cell tower. It sends a message to Apple's servers: "I see this WiFi hotspot. Where am I?" Apple's server returns the location and a list of nearby hotspots and cell towers so that the device doesn't need to contact Apple again. That list was stored. Can you see how if Apple wanted to spy on you they wouldn't use that list on your device? Because it was Apple who sent it to you in the first place?
It's like accusing the locksmith who just changed your locks of having stolen the keys from your pocket to duplicate them and put them back. It's stupid. If he wanted a copy of your keys, he wouldn't need to do that, because he's the man who made the keys in the first place.