The Verge:
Unlike the iPhone hardware itself, Apple retains the ability to decrypt most of what’s in an iCloud backup. And the company on occasion turns the contents of iCloud backups over to the FBI and other law enforcement agencies when a proper legal warrant or court order is presented.
The company says its security policies for the phone are based on the fact that it’s a physical object that can be lost or stolen, so the need to protect the mass of personal data a typical iPhone contains compels the strongest possible measures.
However, in the case of iCloud, while security must also be strong, Apple says it must leave itself the ability to help the user restore their data, since that’s a key purpose of the service. This difference also helps dictate Apple’s response to law enforcement requests. The company’s position is that it will provide whatever relevant information it has to government agencies with proper, legal requests. However, it says, it doesn’t have the information needed to open a passcode-protected iPhone, so it has nothing to give. In the case of iCloud backups, however, it can access the information, so it can comply.
This is an old post from 2016 but, in light of the recent stories, it shows a couple of things. One, that the issue has been known about for quite some time and two, some of Apple’s rationale for doing it the way they do.