Skip to main content

Apple begins encrypting iCloud email sent between providers

Last month Apple confirmed that it would soon beef up encryption for iCloud email following a report detailing security flaws in major email services. While Apple previously encrypted emails sent between its own iCloud customers, now the company has enabled encryption for emails in transit between iCloud and third-party services for me.com and mac.com email addresses. 

The change is documented on Google’s transparency website that shows the percentage of emails encrypted in transit for both inbound and outbound email exchanges (pictured below):

Apple is yet to make an official announcement for the changes.

The change is a welcomed one for users following several media reports noting that Apple was one of the last global email providers based in the US not providing encryption for email between providers. However, there are already reports that Apple’s method of encryption might not be as secure as security experts hoped. A translated report from Heise.de, which examined the new methods of encryption, notes that Apple is using the RC4 encryption algorithm that it claims leaves much to be desired in terms of possible eavesdropping. A security researcher we spoke to said RC4-128 (which is the version of RC4 Apple is believed to be using) is far weaker than AES-128. The researcher also noted there has been suggestions, though not yet proof, that the NSA has broken RC4-128.

We’ve reached out to Apple for a comment on the new encryption methods and will update if we hear back.

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Comments

  1. D.A.H. Trump - 10 years ago

    hmmm.. I’d like to see where this goes. Glad they added some encryption, though.

    • What’s the point of encrypting messages between providers, if each is monitored by NSA from the inside?

      • Randy March - 10 years ago

        Well, at least nobody outside the NSA, a few other intelligence agencies, and very experienced black hats can read them now. That should account for at least something. :-p

  2. anoneemousone - 10 years ago

    Rolling out this better, but weak encryption approach won’t help customer’s trust Apple. Trust in Apple is sliding fast.

    The company is now in bed with the Obama/CIA/NSA team and is gaining Apple’s support for access to your data without your knowledge of cooperation.

    • Gregory Wright - 10 years ago

      Please!

      • anoneemousone - 10 years ago

        I did not mean to imply that Apple was the only company cooperating with law enforcement and national security establishments in ways that violate the 4th amendment. These companies give access to your data without your knowledge of cooperation, and many, many times without a warrant.

  3. gkmac - 10 years ago

    According to the ssl-tools checker RC4 is the same encryption Google enables in Gmail server, it’s not like Apple could force other Internet servers to use something better..

    They have to use a common protocol.

    • saoir - 10 years ago

      Also does anyone, and I mean ANY sentient being, believe that ANY of these major companies is not providing the NSA with a back door to their encryption ?

      The problem that has arisen now is that NONE of these organisations … my beloved Apple, Google, Microsoft and the list goes on … have any credibility on this issue left.

Author

Avatar for Jordan Kahn Jordan Kahn

Jordan writes about all things Apple as Senior Editor of 9to5Mac, & contributes to 9to5Google, 9to5Toys, & Electrek.co. He also co-authors 9to5Mac’s Logic Pros series.