It’s a good idea to symmetrically encrypt backups so that the receiving backup server is unaware of the actual contents. However, this post says they’re using a source such as the unlock PIN/pattern/passcode used to unlock the device, which is usually very low entropy for most users. Thus I suspect it would be extremely trivial to decrypt most of these backups with only a very small amount of brute forcing?
Some good replies to my question here
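To put numbers on the "low entropy" concern raised in the comment above, here is an added example (not part of the original thread) that computes the keyspace and maximum entropy of common unlock secrets. It assumes every secret is chosen uniformly at random, which is an upper bound, and assumes the standard Android 3x3 pattern rules (4 to 9 dots, no jumping over an unused dot); the function names are illustrative.

```python
import math

# Android 3x3 grid, dots numbered 1..9 row by row (assumed standard rules).
# SKIP[(a, b)] is the dot lying directly between a and b: the stroke a -> b
# is only legal once that middle dot is already part of the pattern.
SKIP = {}
for a, b, mid in [(1, 3, 2), (4, 6, 5), (7, 9, 8), (1, 7, 4),
                  (2, 8, 5), (3, 9, 6), (1, 9, 5), (3, 7, 5)]:
    SKIP[(a, b)] = SKIP[(b, a)] = mid


def count_patterns(min_len=4, max_len=9):
    """Count valid unlock patterns by depth-first enumeration."""
    def dfs(last, used, length):
        total = 1 if length >= min_len else 0
        if length == max_len:
            return total
        for nxt in range(1, 10):
            if nxt in used:
                continue
            mid = SKIP.get((last, nxt))
            if mid is not None and mid not in used:
                continue  # would jump over an unused dot
            used.add(nxt)
            total += dfs(nxt, used, length + 1)
            used.remove(nxt)
        return total
    return sum(dfs(start, {start}, 1) for start in range(1, 10))


def entropy_bits(keyspace):
    """Maximum entropy in bits, reached only if choices are uniform."""
    return math.log2(keyspace)


def keyspaces():
    """Keyspace sizes for the secret types mentioned in the comment."""
    return {
        "4-digit PIN": 10 ** 4,
        "6-digit PIN": 10 ** 6,
        "3x3 pattern (4-9 dots)": count_patterns(),
        "8-char passcode [a-z0-9]": 36 ** 8,
    }


if __name__ == "__main__":
    for name, size in keyspaces().items():
        print(f"{name:26s} {size:>16,d} values  {entropy_bits(size):5.1f} bits")
```

For comparison, a randomly generated 128-bit symmetric key has 128 bits of entropy, so none of these secrets can serve as a key on its own merits.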
…and I assume [1] these encrypted backups are safe from the eyes of all those TLAs [2] which are so keen on ‘total information awareness’ and such?
Right.
[1] …which makes an ass out of you and me
[2] an acronym for ‘three letter acronyms [3]’
[3] No Such Agency (trust me)
There was a time I might have thought nothing of this but given the size of the Android market and bigG being bigG, there is no way this is just a cool feature for their users. It must have some economical value (other than marketing) for setting up such an infrastructure would be only a money sink, which doesn’t usually bode well with shareholders.
I have to agree.
Call me cynical, but the fact they are doing this for free and encouraging you to use it just further convinces me to avoid it at all costs.
That Titan chip is pretty cool.
This seems like a positive change, and publicizing the NCC review and the short form of the review results is appreciated.
This feels like a good PR move in light of G+ and everything getting hacked, as well as one-upping Apple (iCloud backups are not end-to-end encrypted as of now).
Obviously, publishing the Titan chip specification would be awesome, and boost trust further, but will likely never happen.