[lxgr]

I'm pretty sure they would, if they could think of a good way. Usable, yet secure backup encryption is so far an unsolved problem, as far as I can tell.

The two options, roughly speaking, are: Force users to store some high-entropy passphrase (which most users will then store somewhere not very secure), or let them pick their own passphrase (which won't be very good). This is what WhatsApp does.

A third one would be to allow a short passphrase and guard that by a server-side HSM or maybe SGX, which Signal seems to be somewhat fond of; I'm glad they're not doing that.