The plaintext TSS/ECID and the plaintext OCSP issues have been fixed, which IMO were the only meaningful security gripes of the article.
The iMessage/ADP/Metadata stuff I think is more of an implementation decision than a meaningful attempt at data collection. Using clear text file names and hashes for dealing with collisions and deduplicating is a reasonable first pass at something like this. Sure, they could probably roll some end-to-end obfuscation for this, but with how big their stack and cloud integrations are, I’m sure that’s non-trivial.
The iMessage/ADP/Metadata stuff I think is more of an implementation decision than a meaningful attempt at data collection. Using clear text file names and hashes for dealing with collisions and deduplicating is a reasonable first pass at something like this. Sure, they could probably roll some end-to-end obfuscation for this, but with how big their stack and cloud integrations are, I’m sure that’s non-trivial.