iCloud backup “just works” until it doesn’t — until your iCloud quota fills, or you decide that storing the unencrypted contents of your iPhone at Apple is a posture you don’t love, or your Mac dies and you want a clean copy of your iPhone on a spare Linux box. Apple’s official backup paths are iCloud or Finder-on-Mac. There’s a third path that ships with most Linux distros and works fine: libimobiledevice with the idevicebackup2 tool.
The result is a full iPhone backup — the same data Finder backup creates — sitting on your Linux box, encrypted with a passphrase you set, restorable to any iPhone that supports the data. Here’s the version that’s worked reliably for me on a small home server.
What libimobiledevice is
It’s a reverse-engineered open-source implementation of Apple’s iTunes / Finder pairing protocol. Same wire protocol, different client. Apple doesn’t officially support it, but they also don’t break it — the iPhone treats a Linux box running libimobiledevice as a trusted host once you confirm the “Trust this Computer” prompt on the phone.
Tools in the suite, in order of usefulness:
idevicepair— pair the phone with this Linux box (one-time).idevicebackup2— the actual backup tool. Encrypted backups, restore, info commands.idevice_id— list connected devices and their UDIDs.idevicesyslog— live system log from the device. Genuinely useful for debugging.ifuse— mount the iPhone’s user filesystem (just photos and app docs — not the OS).
Step 1 — install
# Debian / Ubuntu / Raspberry Pi OS
sudo apt update
sudo apt install libimobiledevice-utils ifuse usbmuxd
# Fedora / RHEL
sudo dnf install libimobiledevice-utils ifuse usbmuxd
# Arch
sudo pacman -S libimobiledevice ifuse usbmuxdusbmuxd is the userspace daemon that talks to the iPhone over USB. It auto-starts on plug-in. No reboot needed.
Step 2 — pair the phone
Plug the iPhone into the Linux box with a Lightning / USB-C cable. Unlock the phone — the “Trust this Computer?” prompt appears. Tap Trust, enter your passcode.
idevice_id -l
# UDID prints, e.g.: 00008101-001A2B345C6D7E8F
idevicepair pair
# > SUCCESS: Paired with device <UDID>
idevicepair validate
# > SUCCESS: Validated pairingIf idevicepair pair says “ERROR: Could not validate” — unplug, replug, retap Trust on the phone, retry. Don’t fight it; the protocol is sensitive to the exact handshake order.
Step 3 — enable encrypted backups (do this from the phone)
By default idevicebackup2 creates unencrypted backups. You don’t want that — the backup contains keychain data, message history, photos. Set encryption on.
mkdir -p /srv/iphone-backups
idevicebackup2 backup encryption on /srv/iphone-backups/
# > Enter new backup password:
# > Verify backup password:
# > SUCCESS: Encryption enabledCrucial: store this password in a real password manager. If you lose it, the backup is unrecoverable, full stop. The encryption is enforced by the iPhone, not by the Linux tool — even Apple themselves cannot bypass it.
Step 4 — the actual backup
For a 256 GB iPhone with ~80 GB of data, this takes 30–45 minutes the first time over USB-2. Subsequent backups are incremental — only changed files transfer — typically 5–10 minutes if you back up daily.
The backup directory is named after the device UDID. Inside, you’ll see thousands of files named with sha1 hashes — this matches Apple’s backup format exactly. Don’t poke at the files individually; treat the directory as opaque.
Step 5 — automate it
I run a small udev rule + cron pair: the rule fires when the iPhone is plugged in, the cron retries the backup once an hour while the phone is plugged in, with a hard deadline so it doesn’t run forever.
# /etc/cron.hourly/iphone-backup
#!/usr/bin/env bash
DEVICE=$(idevice_id -l | head -1)
[ -z "$DEVICE" ] && exit 0 # no device plugged in
LOG=/var/log/iphone-backup.log
echo "[$(date)] starting backup of $DEVICE" >> $LOG
timeout 1800 idevicebackup2 backup /srv/iphone-backups/ >> $LOG 2>&1
echo "[$(date)] exit=$?" >> $LOGPlug the phone in to charge overnight on the Linux box, the cron triggers, an incremental backup completes by morning. Unplug, take the phone with you. The backup directory is on disk — rsync it to a NAS for offsite, or restic-encrypt it to B2 / Jottacloud for cloud-without-Apple.
Restoring
# to the same iPhone (or a freshly-set-up replacement):
idevicebackup2 restore --system /srv/iphone-backups/
# > Enter backup password: <the one you set in Step 3>
# > ...
# > Restore Successful. The device will reboot now.The iPhone reboots into the restored state. App data, Messages, photos, settings, keychain — all back. Apps themselves redownload from the App Store automatically (the backup contains the app list, not the binaries).
The catches I learned the hard way
- Wi-Fi sync mode is unreliable. libimobiledevice technically supports network-pair, but it’s flaky. Stick with USB.
- iOS upgrades sometimes break things. If the libimobiledevice version on your distro is older than your iOS version, you might see “Could not start backup service.” Update libimobiledevice from the upstream PPA / git, not just distro packages.
- Don’t change the backup password mid-stream. Once a backup directory has files written with one password, all future incrementals must use the same password. To rotate, do a fresh full backup.
- The backup is huge. A heavily-used iPhone backup is 60–150 GB. Plan disk space accordingly. The encryption means you can store this on cheap cloud archive tier (B2, S3 Glacier) without worrying.
- Dual-SIM and eSIM data does NOT transfer via this backup. Same as Apple’s official backup — cellular plans get re-activated on the new device, not restored from backup.
This is one of those workflows where, after a year of running it, you don’t think about iCloud Backup anymore. The phone is backed up nightly to a box you control, encrypted with a password only you know, restorable in 40 minutes. Apple’s storage tier becomes optional rather than load-bearing.
Photo: iPhone beside a laptop keyboard by Fotios Photos on Pexels.