Apple on Wednesday announced new iCloud security features to strengthen users’ privacy. This includes Advanced Data Protection with end-to-end encryption for all data saved in the cloud, as well as support for physical security keys. In an interview with WSJ’s Joanna Stern, Apple’s SVP of software, Craig Federighi, shared some details about what led the company to introduce such features to iCloud.
Federighi talks about end-to-end encryption coming to iCloud
When asked why it took so long for Apple to implement end-to-end encryption in iCloud Backup, Federighi said that the company had already been taking steps toward full data encryption since the introduction of iCloud in 2011. The executive argued that all these steps were “necessary precursors” to launching iCloud Advanced Data Protection.
Currently, only a few types of data stored in iCloud, such as health data and passwords, are end-to-end encrypted. But with Advanced Data Protection, users can choose to encrypt almost everything stored in iCloud, from photos, notes, and voice memos to entire device backups.
With standard iCloud protection, the data is synchronized with a key that lets Apple access that data if the user needs it. But with Advanced Data Protection, Apple will no longer store this key in iCloud. Instead, it will be stored exclusively on the user’s device. If there is eventually a breach on Apple’s servers, this means it will be harder for third parties to access this data.
Concerns about incidents
Federighi mentioned that one of the biggest concerns about end-to-end encryption in iCloud is the number of incidents related to users forgetting the passwords for their devices and accounts. This is why Advanced Data Protection won’t be on by default, because some people may prefer to keep storing their data keys in iCloud.
However, Apple will let users with Advanced Data Protection enabled set another person as a recovery contact, so that person’s device will also have the keys necessary to recover data from that iCloud account. At the same time, the company is finally letting users set up a physical security key for their iCloud account.
A user activating this feature is taking on an additional responsibility. They’re taking on responsibility for their data recovery, for setting up a recovery contact or securing a recovery key. All users may not be ready or willing to do that.
At the end of the interview, Apple’s SVP of Software also commented on government requests to unlock iCloud accounts and that the company has never delayed end-to-end encryption because of this. Federighi also confirmed that Advanced Data Protection will be released globally in 2023, including in China.
You can watch the full interview below or directly on YouTube:
Read also:
FTC: We use income earning auto affiliate links. More.
Comments