True, it depends on what you consider the ends. If you consider the ends to be the device and the storage, it’s encrypted all the way. But if you consider the ends to be the original device and the new device, it is not end to end encrypted because indeed Apple does have access to the key and password recovery is possible. But it is encrypted so it is possible to control and log who has access, IE not any random developer, support person or analytics system.