Advanced data protection

[Morac]

I think reminders is part of the calendar platform which is not ADP capable. Try sharing a photo and see what happens. I’m still delayed till February so I can’t

Reminders are included in the E2E protection. See the chart on:

iCloud data security overview - Apple Support

iCloud uses strong security methods, employs strict policies to protect your information, and leads the industry in using privacy-preserving security technologies like end-to-end encryption for your data.

support.apple.com

 

[sjoerger]

I think reminders is part of the calendar platform which is not ADP capable. Try sharing a photo and see what happens. I’m still delayed till February so I can’t

On the iCloud data security overview page you linked to earlier it lists that Reminders supports end-to-end encryption when ADP is enabled according to the long table of services.

 

[fatTribble]

I enabled it, it was quick.

One thing that’s not exactly clear is what happens if you share something like a Note or an iCloud file with someone who doesn’t have ADP on.

The support document says if you share with everyone a key to decrypt the data is uploaded to Apple, but it also says you can only share with people with ADP on. As such it sounds like with ADP on you can either share with everyone unencrypted or individuals with E2E encryption enabled. I haven’t tried it so I don’t know how it actually works.

I’d also like to know if enabling a recovery key “overrides” everything else making that the only recovery mechanism that works. For now I’ve used recovery contacts.

Great updates! Please let us know what else you find out. This is helpful.

 

[whsbuss]

On the iCloud data security overview page you linked to earlier it lists that Reminders supports end-to-end encryption when ADP is enabled according to the long table of services.

I see that. Reminders was always part of the calendar platform in the past.

 

[Frankfurt]

So I successfully activated ADP via the recovery contact. When adding a recovery key it generated one but it did not let me verify the recovery key? Both times a key was generated the verification (typing it in to validate) failed. I am confident I typed it in correctly.
Anybody experienced that?

 

[BFG86]

So I successfully activated ADP via the recovery contact. When adding a recovery key it generated one but it did not let me verify the recovery key? Both times a key was generated the verification (typing it in to validate) failed. I am confident I typed it in correctly.
Anybody experienced that?

Yep. I had the same problem. I had to remove the recovery key and use a contact to get it to work

 

[Frankfurt]

Yep. I had the same problem. I had to remove the recovery key and use a contact to get it to work

Finally worked with the third generated key!

 

[JBinPDX]

So I successfully activated ADP via the recovery contact. When adding a recovery key it generated one but it did not let me verify the recovery key? Both times a key was generated the verification (typing it in to validate) failed. I am confident I typed it in correctly.
Anybody experienced that?

Yes. I had two different keys generated on my MacBook Air and neither worked. I tried generating a key on my phone instead, and that worked fine. Third time's a charm, I guess.

 

[JBinPDX]

Just in case anyone else runs into this...

I have an iPhone 14, a MacBook Air, and an iPad Mini. All are updated to the latest OS. I also have a PC running Windows 11 and iCloud for Windows. ADP could not be turned on because of the PC. It was running iCloud v 13.xx. iCloud v 14.1 is required. The Windows Store showed an updated version, but would not install it. I finally ended up having to follow this process:
- Signed out of iCloud. I said "Yes" to both delete the data from this PC and keep a copy of contacts.
- Completely uninstalled iCloud. The apps list in Setting showed iCloud and "iCloud for Outlook." I only uninstalled iCloud and left the iCloud for Outlook alone.
- The Windows Store now showed the correct version of iCloud and the Install button was available. I installed iCloud.
- I signed back into iCloud and checked the relevant boxes. I doubled checked that everything worked in Outlook and data was syncing as expected.

Then I was able to turn on ADP.

 

[Fontane]

I have iOS 16.2 on iPhone and iPad but the advanced data protection option is not listed where it should be. I have devices connected to my iCloud that are not eligible, but that should not stop the eligible devices from at least listing it as an option.

Any idea why my iOS devices aren't showing advanced data protection as an option (under settings, user, icloud)

 

[Fontane]

I am more miffed with not allowing my iPhone X and iPhone 6S from being included. I use them as TV Remotes and audio base stations for music.
I can't upgrade, especially since my 2016 MBP can't go to Ventura and I use it as a cheaper Home NAS and need my AppleID on it due to all my DVDs and Blu-Rays being digitally stored in iCloud.

I have to take a hard pass on it.

In my opinion, Apple cut off devices that are not that old (2016). It's another shiesty tactic from Apple to get people to upgrade their devices.

 

[whsbuss]

In my opinion, Apple cut off devices that are not that old (2016). It's another shiesty tactic from Apple to get people to upgrade their devices.

Said that earlier. If the hardware is not capable, that’s one thing. But ADP is software based. Typical Apple.

 

[mlody]

I can see this becoming a nightmare. People are careless and they will lose these encryption keys.Then they will lose all their dat and blame Apple for it.

That is why Apple is not forcing this on anyone, instead the feature is OFF by default. If someone decides to enable it, there are enough prompts warning about the ramification of losing those keys!

 

[mlody]

In my opinion, Apple cut off devices that are not that old (2016). It's another shiesty tactic from Apple to get people to upgrade their devices.

Allowing systems as old as 2017 to have the latest advanced security features is not shiesty tactics.

For instance, Windows 11 requires at the minimum 8th gen Intel CPUs and many of those didn't get released till second half of 2018, meaning you need late 2018 or early 2019 system to even have Windows 11.

Am I happy that my daughter's Early 2015 MBP is not supported, sure, but I also understand the possible reasons why Apple didn't include it.

 

[mlody]

This page is worth reading if you haven't already. https://support.apple.com/guide/security/advanced-data-protection-for-icloud-sec973254c5f/web

I read this and nowhere it explains why some need to wait few months before being able to enable ADP. Odd

 

[Fontane]

Allowing systems as old as 2017 to have the latest advanced security features is not shiesty tactics.

For instance, Windows 11 requires at the minimum 8th gen Intel CPUs and many of those didn't get released till second half of 2018, meaning you need late 2018 or early 2019 system to even have Windows 11.

Am I happy that my daughter's Early 2015 MBP is not supported, sure, but I also understand the possible reasons why Apple didn't include it.

iCloud encryption is a software-based implementation. There is no good reason why Apple cannot apply it to systems that are only 6 years old. Hardware encryption, sure, I get it. But not software.

 

[unrigestered]

the Windows 11 thing is a one timer (yet), everything else about Windows has been pretty much downwards (and even upwards compatible in most cases too) for decades.

they "had to" go this route with Win 11 since they wanted to ensure that the systems have that certain security chip installed, that's only available on new-ish mainboards.

 

[mlody]

iCloud encryption is a software-based implementation. There is no good reason why Apple cannot apply it to systems that are only 6 years old. Hardware encryption, sure, I get it. But not software.

True, but typically software might depend or requires certain underlying technology/security features only available on specific OS. Some of those features might also depend on CPUs

 

[mlody]

the Windows 11 thing is a one timer (yet), everything else about Windows has been pretty much downwards (and even upwards compatible in most cases too) for decades.

they "had to" go this route with Win 11 since they wanted to ensure that the systems have that certain security chip installed, that's only available on new-ish mainboards.

Well, Apple might be relying on certain minimum CPU hardware as well to offload computing to hardware for improved performance, we just don't know that.

 

[mlody]

iCloud encryption is a software-based implementation. There is no good reason why Apple cannot apply it to systems that are only 6 years old. Hardware encryption, sure, I get it. But not software.

Well, Apple might be relying on certain minimum CPU hardware as well to offload computing to hardware for improved performance, we just don't know that.

 

[unrigestered]

Of course we don't know for certain, but it's imo highly unlikely.
way more likely (like close to 99%) is it's once again Apple's usual "it's been 5 years already, so go buy a new system ffs!" business model

 

[Fontane]

True, but typically software might depend or requires certain underlying technology/security features only available on specific OS. Some of those features might also depend on CPUs

I find it hard to believe there are hundreds of software packages using standard encryption implementations on legacy operating systems, yet Apple is unable to do it for an OS on hardware as recent as 2016. Especially considering Apple's history/strategy of phasing out its hardware systems fairly quickly (that's subjective, my opinion).

 

[fatTribble]

I can see this becoming a nightmare. People are careless and they will lose these encryption keys.Then they will lose all their dat and blame Apple for it.

To be clear, I don’t believe we have access directly to encryption keys. We just use our passcode to get into the device and occasionally our Apple ID password. None of that changes. The only thing we could lose is the recovery key but if you assign a recovery contact you’ll be fine.

 

[contacos]

Will I still be able to enable this if I am logged in due to TV+ on my Philips TV with Android TV? I also have an old Apple TV 3 but I’d be fine with logging out of that one to get it to work

 

[Morac]

Of course we don't know for certain, but it's imo highly unlikely.
way more likely (like close to 99%) is it's once again Apple's usual "it's been 5 years already, so go buy a new system ffs!" business model

Except it works on devices from 7 years ago.

Apple isn’t back-porting the feature into iOS 15, so if a device is too old to run iOS 16, it’s not getting it.