To be fair, if the encryption key/password/whatever never leaves your phone, and they're just storing the encrypted data directly in the cloud, then it's only slightly less secure than your physical phone itself. Yes, a government could get the data, and you should always assume their brute-forcing abilities are way better than a normal attacker's, but if the encryption algorithm is good and it's encrypted/decrypted phone-side only, even if they get it, it should in theory take them a decently long time to crack it. (...) But yeah, I really, really hope they encrypt/decrypt it ONLY phone-side and nowhere else (and are upfront that you are sacrificing a layer of security when using cloud storage). If they fail to do so, then like you say, it is snake oil peddling.