iPhones and iPads Now Require a Passcode on Every Backup/Sync
Back in late October 2022, annoyed reports started to appear on TidBITS Talk complaining that connecting an iPhone or iPad to a Mac to back up or sync abruptly began to require entering the device’s passcode every time. The “Trust This Computer?” passcode prompt appeared whether connecting via USB or Wi-Fi. It also appeared when using the iMazing utility to trigger iOS device backups. Before this change, your device prompted for its passcode only when it was freshly set up and hadn’t yet connected to the Mac or when you connected to a new Mac. (It’s also possible you would get the prompt after a major change, but that wasn’t documented or consistent.)
An iMazing blog post explains the situation. In iOS/iPadOS 16.1 and iOS/iPadOS 15.7.1, Apple started prompting on every connection in response to a vulnerability reported by security researcher Csaba Fitzl. In short, Fitzl showed that an attacker with physical access to your Mac and device could use macOS’s AppleMobileBackup command-line utility to trigger a backup to an unprotected location. Since local iOS/iPadOS backups lack encryption unless you add a password, the attacker might be able to extract user data from the relocated backup.
It’s vanishingly unlikely that this would ever happen to most people: someone would have to have access to your unlocked Mac, your device, and the knowledge to run the exploit. It’s the kind of vulnerability leveraged by government agents, criminals, and others with either state-authorized license or nefarious intent.
Instead of preventing AppleMobileBackup from backing up to custom locations without additional permission, Apple chose to mitigate the vulnerability by forcing the user to enter the device’s passcode on every backup or sync connection. And it works: Apple’s new approach prevents the backups from being directed to an unprotected location unless an attacker knows your device’s passcode. If they know the passcode, there’s far worse that they could do with your iPhone or iPad and the data stored on it.
Unfortunately, Apple’s solution is particularly ham-handed because it adds a non-trivial step to every USB or Wi-Fi connection attempt by every iOS/iPadOS user who backs up or syncs locally. iCloud backups don’t suffer from this requirement, but they require an Internet connection, might use cellular data, and often need an iCloud+ subscription for the requisite storage space. Some people also don’t want to trust Apple’s iCloud security, although the release of Advanced Data Protection should reduce that concern (see “Apple’s Advanced Data Protection Gives You More Keys to iCloud Data,” 8 December 2022).
More troubling is the way that these nonstop passcode prompts will desensitize users to entering their passcodes when asked. The more you’re asked for a password or passcode, the less attention you pay, increasing the chances that you’ll fall for a deceptive prompt from malware attempting to steal your credentials.
Apple’s solution is also overkill. As noted, the likelihood of an attacker with sufficient skills having physical access to a normal user’s Mac and iPhone or iPad is extremely low. The solution is also quite different from Apple’s usual approaches to mitigating risk from physical attacks, which generally offer ways to enable or escalate the level of resistance depending on your needs. A motivated attacker would be more likely to figure out how to encapsulate the exploit into malware that would then exfiltrate user data from the device backup, a valuable vector that would probably be sold to a government for a highly targeted attack. Yes, Apple’s security engineers should address this vulnerability, but they should do so in a way that doesn’t worsen the general user experience.
Practically speaking, you can suffer with entering the passcode on every backup—it doesn’t prevent you from making backups but breaks automated backups with iMazing and may cause you to back up less often. For most people, however, I recommend iCloud backups because they happen automatically, without any human interaction. Nor do they consume space on your Mac, which can be significant, particularly if you have multiple devices with lots of data.
Frankly, I was unimpressed with the overall user experience of the Mac-based device backup workflow. While experimenting with local backups for this article, I had to pull the plug on my iPhone 14 Pro backup before it zeroed out the free space on my Mac. My iMac’s 1 TB SSD had about 150 GB free after backing up 32 GB from my 10.5-inch iPad Pro, and it was happy to start backing up my iPhone 14 Pro, which has about 112 GB used. Unfortunately, the backup wasn’t complete when macOS warned me that my disk was almost full with less than 3 GB available. The numbers should have worked out but clearly didn’t, in yet another example of why free space is difficult for even Apple to calculate.
Plus, when I canceled one of the “Trust This Computer?” prompts on my iPad, the Finder displayed the dialog on the left below. Since I didn’t want to try again, I clicked Cancel and got the dialog on the right. Talk about amateur hour!
What I didn’t realize until Shamino mentioned it in the comments is that canceling the “Trust This Computer?” prompt prevents the backup from happening, but allows the sync to continue. That’s functionally helpful but confusingly obscure.
Finally, even though macOS failed to calculate the amount of free space correctly in the end, it did realize it would have to reclaim purgeable space by deleting unnecessary files. That’s expected behavior, but it can cause problems for apps, such as Fantastical, which alerted me that it was unexpectedly terminated because of having its files deleted unexpectedly.
Apple’s change reinforces my preference for iCloud backups, and I can see it causing many people to abandon local backups and synchronization for iCloud. I’m not one to subscribe to conspiracy theories about Apple using security as an excuse to push people into paying for iCloud+, but this poorly implemented solution doesn’t instill confidence. If Apple wants to dispel such speculation, it should release iOS and iPadOS updates that eliminate the repetitious passcode requirement alongside versions of macOS that fix AppleMobileBackup properly.
Now, if you’ll excuse me, I have to go delete those local test backups that just ate all my free disk space. Luckily, Apple makes that easy. When managing an iOS device in the Finder, click Manage Backups, select the desired backup, and click Delete Backup. (You can also Control-click a backup and choose Show In Finder to delete the backups manually.) Bye-bye, backups.
It’s a freaking BUG. If I don’t enter the password, the backup still happens.
Thanks for explaining this. This “fix” has one other side effect that I have noticed daily: when I plug my iPhone or iPad in to a third party USB-A charger via (Apple) Lightning cable, I am prompted to “Trust This Computer” by entering my passcode. I have learned that pressing Cancel has no negative effect (nor will entering my password have any positive effect). I’m guessing I could put a data-blocking adapter on the cable to prevent it from thinking that the USB charger was a “computer”, but I really shouldn’t have to do that. I should probably file Feedback on this.
That’s not what I’m seeing with my iPod Touch (iOS 15) or iPhone (iOS 16).
If I click “Sync” in the Finder (Big Sur) and then I don’t enter the password, I get an error on the Mac:
If I then click “Try Again”, I will once again be asked to enter it.
If I click “Cancel”, the sync operation will run normally. But it will not make a backup before that sync operation. When all activity stops, the “last backup” date/time remains what it was before I started.
Now, sometimes, that’s just what I want. I don’t always want to make a backup (which can take some time) before every sync operation, and before this “feature”, it has been kind of difficult to perform a sync without a backup. So I guess I now have an option
I see this same process in macOS 10.14 Mojave. Nice to be able to skip the backup before a sync operation!
Thank you very much, @Ace, for giving this issue some much-needed airtime!
After much wailing and gnashing of teeth, I eventually just stopped syncing and backing up. I already have iCloud Plus, but ADP hasn’t made it to Blighty yet and I can’t justify the extra storage for the backups, even though I (very grudgingly) concur that that’s probably the direction of travel. As noted one can (sort of, explained later) sync without the backup, and one can trigger a sync on demand instead of automatically if one turns the feature off in the device settings in Finder/iTunes. However now the problem I have is that the device screen must be off before the prompt appears to cancel or try again appears on the Mac side (illustrated above by @Shamino). This is easy enough when the device is in reach; just wait for the trust prompt, then either wait for the screen lock or manually hit Cancel and lock the device before responding on the Mac. But if the device is in the other room, suddenly it’s a guessing game. If I happened to leave the device unlocked, or if the device shows the prompt but does not re-lock in time for me to hit the Cancel or Skip Backup buttons for whatever reason (no screen lock, I hit it too soon, etc), there’s deadlock with perpetually waiting for the backup to start, and the only option is to go to the other room and lock the device myself. This is very, very, very annoying.
Yes. Clearly, I want Apple to fix this. Ham-handed? I think that’s too kind. Cack-handed, I think I called it. Maybe worse, under my breath.
Makes me glad that I procrastinate on OS updates. My iPhone 7 Plus is still on iOS 15.4.1. My iPad Mini 4 is on the same version of iPadOS. (Neither can be upgraded to iOS/iPadOS 16.) Until I’m finally able to get my phone upgraded (don’t ask—it’s been a comedy of errors with my mobile carrier and Apple), this will be a non-issue for me. Maybe by that time Apple will have figured out and implemented something that isn’t such a pain in the rear.
if it’s a feature, nobody sent the memo to second level support: i was on a call with a support tech regarding this passcode annoyance. fortunately the call was on the device in question because the tech wanted me to reimage my phone to maybe make this prompt go away. having zero confidence in these pathetic and terribly disruptive solutions (reboot, reinstall, reimage) i’m living with this annoyance until we get enough people together for yet another class action lawsuit.
btw: another side-effect of this “feature” is that the mac prompts me to trust my magic mouse when i plug it in to recharge …
Strange. On my devices (at least with USB sync), the screen pops up even when the device is unlocked.
Yeah. I assume that’s because the device switches from Bluetooth operation to USB when a cable is connected.
This is an important feature for a keyboard or trackpad, since you can use it with a dead battery. It’s pretty useless with the Magic Mouse, due to the position of the Lightning connector.
This change has made iMazing annoying to the point of being useless for automatic WiFi backups.
Also for some reason iMazing no longer completes WiFi backups of my iPhone even after entering its device password; it throws an error every time even though WiFi backups complete on other family-members iPhones.
I’m very frustrated and disappointed.
Let me be specific about what I’m seeing. (0) I rebooted the laptop to get to a clean situation
(1) plugged in the phone, unlocked it. Phone shows up in the Finder. The process stalls at the “backing up” step on the Mac:
On the phone, I see this:
(2) Then on the Mac, I see this:
I hit Cancel there. too.
(3) Despite that, backups happen:
So as long as I do -something- on the phone, it syncs/backs up.
That screenshot says that your last backup was January 5.
I use iMazing because it actually does full backups; data and apps. iCloud backups rely on the App Store for restoring apps. When apps are removed from the store your’e out of luck. Some apps will linger for some time in your purchased app list, but eventually they disappear from there too. iMazing solves that problem and it has saved my bacon several times.
The iMazing backups started to clog my system drive so I have directed them to my backup drive; that’s what its for ;-)
The passcode thingy is of course massively annoying; surely Apple can do better than this…
Fair enough… Seems I’m confusing “sync” with “backup”. So when it says “(step 2 of 5) backing up”, it’s not actually happening.
I entered my phone password, the backup step did conclude and update the date. So at best this is very confusing, as well as annoying to enter the password each time.
At that point, it is trying to perform the backup, and is waiting for the phone to unlock.
When you click cancel, the backup step is canceled and the rest of the sync continues.
Its only sync’d. I did your steps but what I get is after I cancel the iPhone code instead of enter the 6 digit, and click cancel on the iTunes backup saying I have to enter passcode, then cancel, I get a new window with the image of my iPhone SE and OK button. No message, no warning. Click OK and backup is cancelled.
You have to enter your pin to backup.
Same goes with importing with Preview (which I do not sub to Photos and use manually import from my Phone to folder on HDD array attached to my mac). If you want to import from your phone via USB using Preview, you have unlock it.
What we have here is an additional step beyond just “unlocking the phone”, it’s entering the passcode (even with Face ID enabled.) Not disagreeing with you, just wanted to be clear about what’s needed.
Ah, sorry, misunderstanding. I mean after the prompt appears. So the device can be unlocked to display the prompt, but the screen must still lock once the prompt has been displayed for the Mac-side prompt to cancel appears. Example: turn off automatic screen lock (set to never); can you now start a sync without touching the device?
I like iMazing because it does incremental backups and so each of its backups is faster than both Apple’s local backup or iCloud backup.
Not only is it faster, these incremental backups support versioned restores. And, it also permits restoring just some part of a version. Moreover, you can extract data from a backup and export it to a Mac.
As I understand, all of Apple restores are all or nothing; you can’t, for example, restore only your photos but keep the rest unchanged. Furthermore, as I understand, each iCloud backup replaces the prior one. So, if you automatically backup to iCloud each day, you can never restore any data older than one day.
Thanks for the article, Adam. I thought I was the only one annoyed by this. I am no luddite but refrained from updating iOS because every update seems to add something unexpected. In the bad sense. iOS 15.7.1 did exactly that. I ended up losing two weeks of some minor data because of it.
I use iMazing and really enjoyed its automatic updates, so when I first needed to input my passcode I thought it was a bug. I am now used to it and set iMazing to backup in a specific time period when I know I will be available, but Apple could have let users know this new “feature” was part of the update. Oh wait, no, this is Apple. They do what they want.
And as my wife had to learn the hard way, that means even if you have an otherwise fine backup, if just one little part of it becomes corrupted, you are SOL. Lucky you if you still have the old phone and it works because then you can attempt an alternate backup (iCloud or iMazing), but if say that iPhone just got crushed by a truck, you would be completely effed. Not a nice design at all.
For those of us using older, unsupported systems there will never be a fix for AppleMobileBackup. But fixing iOS should be enough for those who use encrypted backups.
I just read that 11-page discussion and was reminded why I don’t usually go to that site for help. So much better here.
Last night I decided to troubleshoot a sync issue that has been bugging me for months. If I had to do a backup each time I would still be troubleshooting the issue. By clicking Cancel and only doing a sync I was able to find the problem quickly.
Oh, the problem was “operator error.” Again.
Oh, fascinating! I don’t sync via the Mac either, so I didn’t notice this in my testing of the backups. I’ll adjust the article to focus it on backups.
FWIW, I just tried this on my iMac with 13.1. I am not seeing this. I’m also not seeing it when I plug in my keyboard. (I usually keep that plugged in, and unplug only when I need to charge the mouse.)
This is intensely annoying when you have automated backups (e.g. iMazing), and as you said, it just trains the user to respond to the unsolicited PIN prompt with the PIN. “Oh, that must be the backup”.
It should trust the computer if you’re making encrypted backups.
I opened a case with Apple on this, and they haven’t responded to it yet, which I guess is a good sign, in that they didn’t just reject it as working as designed. Maybe everyone should report it.
I will not update my iPad to IOS 16 until this is fixed.
I get around the need for iCloud+ by using MEGA.nz. 20 GB of storage at the ‘free’ level.
Everybody has there own way of dealing with security and the iPhone.
I for one -do not use a passcode and do not have any banking or hi-profile personal apps. I only use the passcode when I am traveling outside my sphere of local areas. Works for me. I have ‘find my phone’ turned on-so if it is lost-I’ll just erase everything remotely. I just can not deal with punching in numbers -just to read a text or adjust my hearing aids. To each their own.
I’ve been fighting this “feature” (I consider it actually a bug) for weeks now. I asked about it on Apple Discussions but no one knew what was causing it even AFTER I told them it started with iOS 16.1. IF Apple DID deliberately release this without warning its customers and explaining why Apple took the this route (laziness or incompetence), then it is another piece of malfeasance against their customers. The fact that once I tell my iDevice to trust my iMac should be enough until the next major update of iOS (ie iOS 17). Fortunately when I tell iTunes to sync it does; it is only the backup function that requires the password. My iPad Mini 5 is still on iOS 14.4.2 so I 'm spared on it but both my Mini 6 & iPhone 12 are on iOS 16.1
Curiously, when I deleted all my local backups from Storage Settings (under “iOS Files”), they did not immediately disappear from the UI. Revisiting that UI, or using Finder, confirmed that they were in fact gone.
I’m not seeing this on Catalina with my iPod Touch. If I attach it to the iMac with a lightning cable and click on the icon in the Finder, it will sync automatically (with no backup). Also, no need that I can detect to enter a password. I do see a notice on the iPod itself, when I attach the iPod that, to use certain applications, I will have to enter my six-digit password.
If you’re not performing a backup, then it won’t ask you for the passcode.
As for why it’s not trying to make a backup when you click Sync, the only reason I can think of is if your device is configured to automatically backup to iCloud.
There used to be an undocumented system preference to disable automatic backups with sync, but I believe that preference was removed in Catalina, so that shouldn’t affect you.
Hmm. I think it is configured to automatically backup to iCloud. But I’ll have to doublecheck.
Right. If you’re automatically backing up to iCloud, then it won’t automatically make a USB backup when you sync, so it won’t ask for a passcode.
Unless you manually click the button to make a local USB backup. Then it will ask.
This is correct.
OTOH having recently switched to iCloud for backups, I’m stuck with loss of auto-sync to my Mac over night. Now when I plug the phone into power over night, it will indeed automatically back up to iCloud over my home wifi as desired. However, syncing to my Mac no longer takes place when plugged into power and connected to my home wifi (as is the Mac).
I have yet to figure out how to restore that behavior. Just because I back up to iCloud, does not mean I no longer need to sync the phone with my Mac. AFAICT right now, the only way to do that is to manually initiate by hitting the sync button in the Finder. Not ideal to say the least.
This bug also appears in earlier OSs.
I never update until the .3 release, so my devices
all demonstrate the unwanted behavior, with iMazing.
I haven’t seen evidence anywhere that Apple considers this to be a bug. It’s perhaps an over aggressive security feature to prevent a person who has somehow managed to hack a trusted computer from then accessing the iDevice by backing it up to that Mac.
Apple may not consider it a bug, but many USERS do! I’m setting in my own house, with my iDevices connected to my iMac to which I’ve been backing my iDevices up and is a Trusted Computer. Once you have done your initial connection, sync, back up, complete with appropriate password(s), then you should not have to jump through hoops again until you either upgrade to a new MacOS or buy a new Mac.
Growing tired of the endless requests to unlock my iPhone and my two iPads just to accomplish the daily backups I’ve done for years with no problems, I complained about this (some weeks ago) to the iMazing folks, who (correctly) pointed me to Apple.
I sent a strongly worded feedback to Apple, but have heard nothing.
In the meantime, I’ve finally just given up making iDevice backups. Life is too short.
Unfortunately you are preaching to the choir. It is just another notch in Apple’s journey to make their products totally closed systems to maximize profits. Another “fun” thing is one I discovered today, which is that Apple will no longer allow you to connect your iPhone to a Mac using Bluetooth. I just spent 4 hours trying to do it and failed despite a rigorous browser search for solutions that I tried including some terminal commands and deleting library prefs.
Recently I needed to reset my Outlook and Google cloud drives for some testing purposes. Both of these Apps have moved the actual data folders into the User Library into a folder named CloudStorage and will no longer allow users to choose their desired location for the data, only an alias. I spent an all nighter trying to do it which including deleting the contents of that folder. I was prevent from doing it by some hidden preferences as after I ‘deleted’ them it was impossible to empty the trash, Even booting from other drives and activating the root user failed to be productive. Given Apple’s myopic focus on trying to protect users from themselves they essentially removed the capability for me to manage my own machine. Understand that this was in my User Library not in any of the System Libraries. Even terminal commands and changing file privileges failed to work. After many hours I finally managed to do it, abet no sure exactly how I succeeded, but it was a combination of rebooting from my internal Apple SSD on an older macOS and with the assistance of CleanMyMac, I finally was able to be successful.
And for those that are frustrated with Finder changes and the latest Mac GUI, I invite you to check out this website to see how it should be done:
AskTog Home Page
This is the engineer that literally wrote the book called Apple Interface Guidelines, of which I still have a copy, and holds many patents on many of the GUI design features that we use everyday, It is a real eye opener and explains how a computer interface should be done and how to do it. Unfortunately is seems as though Apple has decided to toss all their copies into the trash in its latest iterations of macOS.
If you want a copy today: Apple human interface guidelines : the Apple desktop interface : Apple Computer, Inc : Free Download, Borrow, and Streaming : Internet Archive
The full text isn’t available on-line, but you can log on with an account and download it for a 14-day loan (like a public library).
Although the book is copyrighted, people have put full-text copies of various editions on-line. A web search can find them:
Thank you for posting this. FYI: I have a hardcopy of the original book. - The 1982 edition.
for those claiming this doesn’t happen if you disable backups, please enlighten me as to how to do that. i only see an option to backup to either icloud or the local device but nothing to forgo backups entirely. assume this is one of those “easily” discoverable features the fruities are notorious for.
iphone13m on ios16.3 but holding off updating its host to osx18.2 …
There’s no way to disable backups as such; you simply don’t sync, which also means not backing up because backups preceed syncs. You can do that by either turning off the automatic sync checkbox, or alternatively you could disable Wi-Fi sync, which would then limit your backup/sync to direct cable connections.
But it would be great if you could explicitly disable backup, though. For right now, I’ve just started using iCloud, with the absurd consequence that I’ve had to upgrade to the 200 GB plan because I’m using 50.2 GB of storage. It’s not so very funny.
that was my assumption. thanks for the sanity check.
for me, not syncing is right out. i’ve a playlist strategy that depends on regularly syncing the phone to remove recently played tracks from it (there’s nothing worse than plugging your phone into the car and hearing the same track every single time). plus my music library far exceeds the capacity of the phone. syncing is the only way to cycle through tracks.
appears the only solution is to keep nagging apple to fix this inane “security” feature. think it’s time to escalate it to the cook man hisself.
Or, as we discovered earlier in this thread, you can perform a sync and then click/tap “cancel” when the backup step asks for your passcode. The rest of the sync will proceed normally without making a backup.
I have also had this problem of “trust this computer” every time I try to back it up to my Mac. After spending a half an hour or more on the phone with Apple support, we discovered that in the settings for your iPad under “face ID & passcode” scrolling towards the bottom, there is a switch for accessories, which says “turn off to prevent accessories from connecting when your iPad has been locked for more than an hour.” Since the iPad has been off for an hour, we suspected that that is why is asking for a passcode. Switching this off and switching it on allows accessories to connect when the iPad has been locked for more than an hour. So far, I have not gotten the request to enter my password in order to do the back up.
Kudos to Rob 3rd(?) level support in Wisconsin.
The problem also shows up when an iPhone is on and has already been authenticated. It’s not an issue of locked/unlocked. Whenever it tries to back up, it will first ask for authentication. Even when it’s already been authenticated.
I suspect the reason you think it went away is because it does not back up on every sync if the most recent backup has already occurred within the last day. So the reason it’s no longer asking you to authenticate is because it’s only syncing. Put that iPad aside for two days and try again. It will then attempt to back up and thus it will ask for authentication again. Even if the device has already been turned on and authenticated.
Or force the issue by selecting the iPad in the Finder and clicking “Back up all of the data on your iPad to this Mac”. I’m betting with @Simon: The authentication prompt will show regardless of the setting for the option you and Apple support discovered.
Simon, I am afraid you are correct. Sorry for raising false hope. I should have waited longer…
It is absolutely discouraging sometimes to learn that Apple does not communicate changes like this well within their support people. This person wasted both your time and theirs trying out different options when they should have known of this change.
I’m guessing you aren’t talking about iTunes or iMazing. I’ve always had the Back-up feature in iTunes set to “Manual” and there isn’t an auto back-up setting in iMazing.
I’m not sure if this is an expansion of the issue noted in the original article, or if I just recently noticed it (I’m on macOS Ventura 13.2.1). The last couple times I’ve restarted my MBP M1 Pro, it’s asked me whether or not to allow a connection from my CalDigit Element TB4 hub. It’s particularly annoying, because I run the Mac in clamshell mode with two external monitors. Those monitors (you guessed it) are connected via the hub. So the user experience is Restart, then…black screens. Not until I lift the lid of the Mac do I see the alert. Once I allow the connection, all proceeds normally. Really annoying.
That’s interesting. Not seeing that here between Elements Hub and my M1 Pro 14". But I’m on 13.3.1 right now.
I know for sure Apple has changed something there. Before the 13.3 update a USB-connected SATA SSD would routinely fail to auto-mount ~ every other connection. Now it always comes up as it should, but its desktop icon will lag (you can’t select or drag it, but it shows) for a few seconds when it gets mounted. I’ve been seeing this both with the hub and without so my guess is this is more related to macOS’ handling of USB than TB. It’s great that things are getting fixed (at least partially) but it’s also a bit frustrating that Apple’s release notes make zero mention of any such changes.
Join the discussion in the TidBITS Discourse forum