Apple launches end-to-end encryption for iCloud Data

Advanced-Data Protection, Apple’s new optional end-to-end encryption scheme for iCloud, has launched today. With this, customer data is prevented from being decrypted on an “untrusted” device.

In other words, if Advanced Data Protection is in place and Apple were to be hacked, iCloud would still maintain most of its data. Also, as the Wall Street Journal points out, law enforcement officials would not be able to access iCloud backups stored on phones.

Advanced-Data Protection is currently available in the U.S. for members of the Apple Beta Software Program and coming to all U.S. users by the end of the year (with the rest of the world following in 2023). With this, iCloud users’ trusted devices (e.g., iPhones and Macs) will be solely responsible for accessing encryption keys for most of their data—enhancing security protections overall.

If you enable this feature, Apple servers will be unable to change certain iCloud settings for users or access data stored in iCloud backups, photos, notes, and CloudKit.

Before Advanced Data Protection was implemented, iCloud users had no way to prevent Apple from looking through their device backups for things like text messages and contacts.

The tech giant previously battled the FBI over encrypted iPhone data belonging to the San Bernadino shooter. The agency tried to compel Apple into unlocking a protected iPhone through the courts.

At the time, Apple stated that the FBI could instead access the data it desired via iCloud backups on its servers without encryption.

Unfortunately, Advanced Data Protection is not compatible with iWork collaboration tools, iCloud Mail, Shared Albums in Photos, Contacts or Calendar; this is due to the interoperability requirements set by Apple.

To take advantage of this new feature, users MUST enroll in two-factor authentication for their Apple ID, set a password or passcode on their devices, as well as update those devices to the newest software versions (iOS 16.2, iPadOS 16.2, macOS 13.1, tvOS 16.2 watchOS 9.2).

In a support document, Apple clarifies that Advanced-Data Protection doesn’t currently offer protection for managed Apple IDs or Child user accounts.

In addition to announcing Advanced Data Protection, this morning Apple also announced iMessage Contact Key Verification and Security Keys– two other security-related capabilities that will be available in its product ecosystem.

Apple’s new iMessage Contact Key Verification system will allow users who are more susceptible to digital threats, such as journalists and government officials, to verify that they’re only messaging the people they want.

Apple announced that their new iMessage Contact Key Verification feature will send users an alert if someone tries to eavesdrop on their encrypted communications. The unique ID-verifying contact verification code can be compared in person, on FaceTime, or through a secure call.

Apple’s current two-factor authentication system will be improved by the use of Security Keys, which act as an extra layer of protection by requiring a hardware security key in order to authenticate a person’s Apple ID credentials.

Hardware keys are available in a variety of styles and price points and usually use Bluetooth, NFC, or USB to authenticate.

According to Apple, iMessage Contact Key Verification and Security Keys for Apple ID will be available worldwide starting in 2023.

Apple’s latest security features are a great way for users to protect their data and the data of those they interact with. These features will ensure that Apple customers continue to use their devices and services safely.

With Advanced Data Protection, users can rest assured knowing that their iCloud backups are secured from prying eyes. iMessage Contact Key Verification and Security Keys offer an added layer of security and peace of mind.

Ultimately, Apple is making it easier for users to protect their data with the launch of these new features.

This is an exciting time for Apple, which is continuously striving to make sure its customer data remains safe, secure, and private. With these new security features, users can rest assured their data is protected from malicious actors.

Leave a Comment