Of course Apple controls the software. Apple or any manufacturer could push an update overnight that disables all encryption and transmits your data to Donald Trump or whoever they want the next time you enter your passcode. There’s exactly zero “security researcher insight” in observing that.
The question is, if you trust that iOS and iCloud work the way Apple says they do (under oath), how vulnerable are they to an adversarial cloud. They have designed a system to keep your keychain safe under these conditions.
The question is, if you trust that iOS and iCloud work the way Apple says they do (under oath), how vulnerable are they to an adversarial cloud. They have designed a system to keep your keychain safe under these conditions.