I recently lost my phone but have a very recent backup. I've enabled the remote wipe feature using iCloud but the device has not been online since being lost. It was low on battery power so likely died.
I'd like to verify that the device was set up to erase the data after X failed passcode attempts. However, I'm having a really hard time finding where in the backup that information would be stored. My suspicion/fear is that it might not be stored at all and thus I have no way to really ensure that it's relatively safe.
I've already enabled remote erase if it comes online, changed passwords for critical systems and banned the device from multiple services. And while I'm 99% sure I set it up to erase, I'd really like the peace of mind that the last 1% offers.
Much appreciated for any responses.
Best Answer
You'll not likely be able to establish security after the fact directly. The protection is a combination of the hardware in the iOS device and the setting of a passcode lock and not a preference stored on a filesystem - it's baked into the OS. The backed up data is not encrypted at rest in the same manner as iOS's security. The act of restoring the backup also overrides whatever passcode lock and settings you had, so that's not a good way to proceed.
What you can do is research the exact model of the phone and the version of iOS. Grab this pdf from Apple: http://www.apple.com/business/docs/iOS_Security_Guide.pdf
Starting on Page 9 it describes the conditions needed for data to be encrypted at rest. It also has valuable information about what types of data is readable if someone guesses your passcode.
What you can do is restore your backup to the same class of hardware and observe that with a passcode set, the data protection is enabled. Hopefully you have an A7 or later processor since the PIN entry is governed by hardware rate limiters to reduce the chance your PIN can be brute forced.