Apple today announced a dramatic expansion of end-to-end encryption for its cloud services. Called Advanced Data Protection, this initiative extends end-to-end encryption to a number of additional iCloud services, including iCloud device backups, Messages backups, Photos, and much more.
iCloud already offered end-to-end encryption for 14 different data categories, including things like iCloud Keychain and Health data. Today’s expansion, however, brings the number of data categories protected by end-to-end encryption to 23. The new iCloud services and data types now protected by end-to-end encryption are:
- Device Backups
- Messages Backups
- iCloud Drive
- Safari Bookmarks
- Siri Shortcuts
- Voice Memos
- Wallet Passes
“iCloud encrypts your data to keep it secure,” Apple explains. “Advanced Data Protection uses end-to-end encryption to ensure that iCloud data types listed here can only be decrypted on your trusted devices, protecting your information even in the case of a data breach in the cloud.”
At launch, Advanced Data Protection will be opt-in only, meaning you have to go into the Settings app and navigate to the iCloud menu to enable the feature. The feature will presumably be enabled for everyone eventually, but it’s still early in the implementation.
If you enable Advanced Data Protection, it means that no one else, including Apple, will hold the keys to decrypt this data. The only way to access the data is through one of your trusted Apple devices like your iPhone, iPad, or Mac.
This means that if you lose access to your devices, you will only be able to regain access using a recovery key or recovery contact. Because of this, if you enable the Advanced Data Protection feature, you’ll be guided through the process of setting up at least one recovery contact or recovery key before the feature is turned on.
Ivan Krstić, Apple’s head of security engineering and architecture, explained that this is Apple’s “highest level of cloud data security.”
“Advanced Data Protection is Apple’s highest level of cloud data security, giving users the choice to protect the vast majority of their most sensitive iCloud data with end-to-end encryption so that it can only be decrypted on their trusted devices.”
Advanced Data Protection is launching today in the latest iOS 16.2 beta. It will be available to everyone in the United States by the end of this year, with an expansion to the rest of the world slated for early 2023.
This marks a huge upgrade to Apple’s cloud services in terms of encryption. In particular, the lack of end-to-end encryption for Messages in the cloud and device backups has been one of the most common complaints among users. While iMessage as a service has been end-to-end encrypted since the beginning, the weak link in the chain was that iCloud backups and Messages backups were not end-to-end encrypted.
As Apple explains:
Messages in iCloud is end-to-end encrypted when iCloud Backup is disabled. When iCloud Backup is enabled, your backup includes a copy of the Messages in iCloud encryption key to help you recover your data. If you turn off iCloud Backup, a new key is generated on your device to protect future Messages in iCloud. This key is end-to-end encrypted between your devices and isnʼt stored by Apple.
But with the new Advanced Data Protection feature enabled, Messages in iCloud is “always end-to-end encrypted.” So when iCloud Backup is enabled, “everything inside it is end-to-end encrypted, including the Messages in iCloud encryption key.”
With this expansion, there are only three major iCloud data categories not covered by end-to-end encryption: iCloud Mail, Contacts, and Calendar. Apple says this is because these services need to rely on protocols that “interoperate with the global email, contacts, and calendar systems.”