This is horrifying. I thought for sure you can’t change the iCloud password with just the phone passcode but I tried it myself and it worked. You can even turn off ADP and remove security keys.
Yikes
I had been test driving iCloud+ and Advanced Data Protection the last couple weeks, as the promise of seamless end-to-end encrypted backups sounded like the holy grail of security, privacy, and convenience. I was uncomfortable but willing to compromise on some of its shortcomings (convergent encryption, metadata, etc.), but this is too big of an issue.
It shows Apple has not thought at all about defense in depth. I understand the convenience argument but there should be options for people who want better security.
I will be keeping Cryptomator and Google Drive as my cloud backup solution.
Apple can be so frustrating; they make very secure hardware that is also easy to use. Yet their cloud offerings just seem like they come from a different company.