According to the EFF, the issues that require correction are "known privacy and security issues" that have "achievable fixes". From Apple, the EFF wants the company to implement user-encrypted iCloud backups that are inaccessible to the company, and thus to law enforcement.
iCloud content uploaded to Apple is encrypted at the server's site. With the appropriate legal requirements, Apple iCloud can provide information that includes name, address, email, and date / time stamped email logs, photos, Safari browsing history, iMessages, and more, complete Details that Apple explains on its privacy site. [PDF]
According to the EFF, Apple should let users "protect themselves" and "choose truly encrypted iCloud backups".
Apple did not encrypt iCloud backups because Apple prevented the iCloud backups from being forgotten for users who forgot their passwords. However, as the EFF points out, Apple CEO Tim Cook has stated in the past that Apple may seek to secure encrypted iCloud backups in the future. From an interview that Cook made with the German site Der Spiegel:
There our users have a key and we have one. We do this because some users lose or forget their key and then expect help from us to recover their data. It is difficult to know when we will change this practice. But I think that will be regulated in the future as well as the devices. So we will not have a key to it in the future.
The EFF has claims on other technology companies besides Apple. Android should allow users to deny and revoke Internet permissions on apps, while Twitter should encrypt direct messages directly and Facebook should stop using phone numbers to create targeted advertising accounts.
WhatsApp should seek user consent before adding users to users, Slack should give free workspace administrators control over data retention, and Verizon should stop the preinstallation of spyware on some smartphones.