Are backups exported by the iOS app encrypted? Should I be extra careful while handling them?
They are not yet encrypted. The backups are TAR archives containing a SQLite database and the account’s media. This also applies to the backups of DC desktop.
In the meantime, maybe the UI should warn the user to be extra careful with those backups?
There is an option in the Android client to encrypt the database. Currently the blobs are saved outside the SQLite database, so it is not that strong a protection. Also, I think the client doesn’t give control over the password to decrypt the database, so my guess is that the backup is saved with an unencrypted database or including the database password; otherwise I think other clients wouldn’t be able to import the backup.
I don’t remember well, but IIRC the app already gives warnings about not storing backups for too long and that it is dangerous, at least on Android.
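For anyone auditing where such backups have ended up, here is an added example (not code from the thread or from the Delta Chat project) that checks whether a file is a readable, unencrypted TAR and which members are plaintext SQLite databases, based on the layout described above. The member names `sample.sqlite` and `blobs/photo.jpg` are constructed for the demonstration; the real file names inside a backup are not given in this thread.

```python
import io, os, sqlite3, tarfile, tempfile

# Every unencrypted SQLite database file starts with these 16 bytes.
SQLITE_MAGIC = b"SQLite format 3\x00"

def inspect_backup(fileobj):
    """Report what a backup file exposes to anyone who can read it."""
    report = {"readable_tar": False, "plaintext_sqlite": [], "other_files": 0}
    try:
        tar = tarfile.open(fileobj=fileobj, mode="r:")  # plain, uncompressed TAR
    except tarfile.TarError:
        return report  # not a plain TAR (encrypted, compressed or other format)
    with tar:
        report["readable_tar"] = True
        for member in tar:
            if not member.isfile():
                continue
            head = tar.extractfile(member).read(len(SQLITE_MAGIC))
            if head == SQLITE_MAGIC:
                report["plaintext_sqlite"].append(member.name)
            else:
                report["other_files"] += 1  # media and other blobs
    return report

def build_sample_backup():
    """Constructed sample: a TAR holding one SQLite file and one media blob."""
    buf = io.BytesIO()
    with tempfile.TemporaryDirectory() as tmp:
        db_path = os.path.join(tmp, "sample.sqlite")
        con = sqlite3.connect(db_path)
        con.execute("CREATE TABLE msgs (id INTEGER PRIMARY KEY, txt TEXT)")
        con.execute("INSERT INTO msgs (txt) VALUES ('hello')")
        con.commit()
        con.close()
        with tarfile.open(fileobj=buf, mode="w") as tar:
            tar.add(db_path, arcname="sample.sqlite")
            blob = b"\xff\xd8\xff constructed media bytes"
            info = tarfile.TarInfo("blobs/photo.jpg")
            info.size = len(blob)
            tar.addfile(info, io.BytesIO(blob))
    buf.seek(0)
    return buf

if __name__ == "__main__":
    print(inspect_backup(build_sample_backup()))
    print(inspect_backup(io.BytesIO(b"not a tar " * 200)))
```

A file that reports `readable_tar: True` with a non-empty `plaintext_sqlite` list should be treated like the account itself: store it only on encrypted media and delete it once the import is done.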