Except it works on devices from 7 years ago.

Apple isn’t back-porting the feature into iOS 15, so if a device is too old to run iOS 16, it’s not getting it.
Yeah that's the likely story. But for something like data encryption that most likely is software based, Apple could have made that exception.
 
The problem is, Apple is tying everything to OS updates.
Tiny new features for certain apps, like for Photos "now you can instantly copy your photos to Facebook!", often meant a new iOS/iPadOS version, which in reality was just a small update to the app, not OS related at all.

That they're now updating Safari separately is a good start, though.
 
Yeah that's the likely story. But for something like data encryption that most likely is software based, Apple could have made that exception.

You’ve obviously never written software. You don’t go making major development changes in old stable software versions. At this point Apple is providing security fixes to old versions, but that requires very little effort.

Say Apple did implement ADP in iOS 15 and managed to introduce bugs that broke a bunch of other stuff. Not only would they need to spend time updating an old iOS release, but then they’d have to spend time fixing it or just leave it broken.

I do agree only upgrading apps with iOS is annoying as it makes them difficult to update, though in some cases the apps require APIs or background processes in newer versions of iOS. That doesn’t apply to ADP in any case as it’s not an app.
 
Well actually I’m a software engineer. Unless an OS update is tied to hardware and/or it required a major rewrite of the supporting libraries, it can be done. I understand Apple not wanting to backwards support these features but it certainly can be done.
 
So I just bought a MacBook Pro M1 and MacBook Air M1 and cannot turn on Advanced Data Protection until April 17, 2023. That's four months we have to wait. Does anyone know if I enable ADP for my other iCloud devices, will I be unable to still access iCloud files from my new devices? I don't want the new devices essentially locked out of iCloud if the existing devices are using ADP and encrypting files the new devices can't see/read.
 
I don’t think it will let you turn on ADP unless you remove those devices from your iCloud account. It may or may not let you add them back on.
 
I can walk through the process on my phone up until I have to enter my iPhone passcode. I'm reluctant to do it because I don't want to somehow lock my new devices out of iCloud by enabling ADP on my existing devices.

Edit: I just enabled it on my iPhone SE2020. Will monitor it closely to see if it affects the next MacBook Pro M1 from corresponding with my iCloud account, since I have ADP enabled on the phone but not the MBP (since the MBP is not eligible until April 2023).

Edit 2: Now ADP is enabled for my new MacBook Pro, which was not supposed to be eligible until April 2023. Interesting. So Apple wouldn't let me enable it on the MBP when I tried to initiate from the new device (MBP), but when I turned on ADP from my existing device (iPhone SE 2020), Apple enabled it for all the devices on my iCloud account.
 
That’s strange. I have to wait till Feb to enable it on my iPhone 13 Pro Max - the only new device is my S8 watch. Figure that out.
 
So I just bought a MacBook Pro M1 and MacBook Air M1 and cannot turn on Advanced Data Protection until April 17, 2023. That's four months we have to wait. Does anyone know if I enable ADP for my other iCloud devices, will I be unable to still access iCloud files from my new devices? I don't want the new devices essentially locked out of iCloud if the existing devices are using ADP and encrypting files the new devices can't see/read.
You can. You can set it up with one of your older devices and this issue will be resolved.
 
Does Advanced Data Protection encrypt received/stored emails too?

There's no mention about emails...
 
No. Because it requires interoperability with other email services (Gmail, Outlook, etc.)
 
Thank you, Apple, for finally giving intelligent, capable users Advanced Data Protection.

"But users will screw this up and lose a lifetime of data! Better not allow this option!"
/s/FBI

Plenty of warnings are included for the lowest common denominator. If they screw themselves, cull the herd.

My own Recovery Key is in my Bitwarden password manager.

"But what if someone hacks Bitwarden and this user loses his Recovery Key? Better not allow the option."
/s/FBI

:rolleyes:

In my case, Advanced Data protection is on, and my iCloud backups are finally back on. 👍
 
Details:

I have had a Recovery Key forever, no Recovery Contact. When I toggled the ADP switch on, it told me that I had to enter my Recovery Key and also update other clients (can't remember the exact word). All I have besides my iPhone 13ProMax is a pc running Windows 11. While anyway I hadn't been signed into iCloud for Windows for a long time, I went into iPhone's iCloud settings and disallowed the pc. Then it was all set and allowed the setting to be turned on. I might update iCloud for Windows and sign in again or I might not. Haven't decided yet. But for now, I access my iCloud on my pc on the web (iCloud.com).
 
I’m seeing conflicting info out there about the recovery key and am wondering if anyone knows for sure.

I’ve read that if you enable a recovery key then that key is always needed to reset your iCloud password, even if you have your trusted device or a recovery contact set up. Basically it says if you lose the recovery key you're hosed.

Other places I’ve read that the recovery key is not needed if you still have access to a trusted device or recovery contact.

Does anyone know which it is?

Did you ever get an answer about this? I am also confused about the process for recovery. For example, say that I am travelling and my iPhone gets lost/stolen, and I have no other devices with me on the trip. Let's say I buy a new iPhone and want to sign into my iCloud account. But I can't verify access (2 factor authentication codes) because all of my trusted devices are at home and not accessible. Can I use a recovery contact to authorize access (relatively easy, with a phone call)? Or am I forced to use the recovery key (harder to ensure that I have access while travelling in the event of device loss)?
 

I’m not sure.

Apple’s various support documents say the recovery key is only needed if you forget your iCloud password. If you still remember it, then you can use that and have the 2FA code sent to a trusted phone number.


If you're trying to sign in and don't have a trusted device with you that can display verification codes, you can tap Didn't Get a Code on the sign-in screen and choose to send a code to one of your trusted phone numbers.

Basically the recovery key/contact is only required if you forget your iCloud password as the end result of using either is resetting your iCloud password.


If you forget your Apple ID password, you can try to regain access using your trusted device protected by a passcode. Or you can use your recovery key, a trusted phone number, and an Apple device to reset your password.


Of note, if Apple implemented things properly then either the recovery contact or key should work. The way iCloud encryption works is items are encrypted with one or more symmetric encryption keys. These key(s) are in turn encrypted with one or more public/private keys.

Here’s where things get murky. I know one of your device passcodes is used to symmetrically encrypt the private key (which can decrypt the iCloud decryption key). Presumably the private key is also symmetrically encrypted with the recovery key so that can be used to also decrypt the private key. According to Apple the recovery contact code is one half of a randomly generated symmetric encryption key, with Apple storing the other half. Presumably the private key is also encrypted with that. As such if Apple implemented this correctly, you should be able to use the device passcode, the recovery key or the recovery contact to decrypt the iCloud private key and get access to your data. I don’t know if that’s the case or not.


When a user sets up an Account Recovery Contact, the key to access the user’s iCloud data–including end-to-end encrypted CloudKit data–is encrypted with a strong random key. This random key is then split between the recovery contact and Apple. At recovery time, only when the two key shares are recombined, can the original key be recovered and the user’s iCloud data accessed.
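
The wrapping model this post describes, as an added Python sketch that is not part of the original post and not Apple's implementation: one account key (standing in for the iCloud private key) is wrapped three times, under the device passcode, the recovery key, and a random key split into two XOR shares held by the recovery contact and the server. The function names, the PBKDF2 parameters and the HMAC-based toy wrap are assumptions for illustration.

```python
import hashlib, hmac, secrets

def kdf(secret, salt):
    # Stretch a passcode or recovery key into a 32-byte key-encryption key (KEK).
    return hashlib.pbkdf2_hmac("sha256", secret, salt, 100_000)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def wrap(kek, key):
    # Toy authenticated wrap of a 32-byte key; a stand-in for a real AEAD / AES key wrap.
    nonce = secrets.token_bytes(16)
    ct = xor(key, hmac.new(kek, b"enc" + nonce, hashlib.sha256).digest())
    tag = hmac.new(kek, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unwrap(kek, blob):
    nonce, ct, tag = blob[:16], blob[16:48], blob[48:]
    expect = hmac.new(kek, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        raise ValueError("wrong key or tampered blob")
    return xor(ct, hmac.new(kek, b"enc" + nonce, hashlib.sha256).digest())

def enroll(passcode, recovery_key):
    account_key = secrets.token_bytes(32)    # stands in for the iCloud private key
    salt = secrets.token_bytes(16)
    contact_kek = secrets.token_bytes(32)    # "strong random key" for the contact path
    contact_share = secrets.token_bytes(32)  # half handed to the recovery contact
    escrow = {  # what the server stores: wrapped copies plus its half of the contact key
        "salt": salt,
        "by_passcode": wrap(kdf(passcode, salt), account_key),
        "by_recovery_key": wrap(kdf(recovery_key, salt), account_key),
        "by_contact": wrap(contact_kek, account_key),
        "server_share": xor(contact_kek, contact_share),
    }
    return account_key, contact_share, escrow

def recover(escrow, passcode=None, recovery_key=None, contact_share=None):
    # Any ONE of the three secrets unwraps the same account key.
    if passcode is not None:
        return unwrap(kdf(passcode, escrow["salt"]), escrow["by_passcode"])
    if recovery_key is not None:
        return unwrap(kdf(recovery_key, escrow["salt"]), escrow["by_recovery_key"])
    if contact_share is None:
        raise ValueError("no recovery secret supplied")
    return unwrap(xor(contact_share, escrow["server_share"]), escrow["by_contact"])
```

In this model losing the recovery key does not lock the account as long as another wrapped copy can still be opened, and the server's share alone cannot open the contact-wrapped copy.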
 

Thank you for the very detailed response! I guess I have to add a trusted phone number to my account that belongs to someone that I am unlikely to be travelling with, so that in the scenario I outlined, I could reach out to them for a 2FA code if I can't access any of my trusted devices. Is there any other way around this scenario?
 

I don’t think so. Note that the trusted phone number support document was last updated in October 2022, 2 months before the advanced data protection stuff, so it may be out of date.
 
The Apple page says "Updated software on all of the devices where you're signed in with your Apple ID". Is that signed into just iCloud or is it signed into any services using the Apple ID? I ask because I have older devices (macOS and iPads) which don't use iCloud, but do use my Apple ID for App Store and other purchases. Will that (when available) block me from using ADP?
 
Still can't get it to turn on here.

What's weird is when you go to setup it says the recovery key is off, but when you click manage it says it's on.

Yeah, this happened to me, trying to do this today, Jan 8th. On every device it did this exact same thing.

However, what ended up fixing it for me was creating a recovery key, then disabling the recovery key, then re-creating a new recovery key again. After the 2nd recovery key creation, the settings synced up and now it says Recovery Key On as well as when you click through to manage it.
 
I finally got this to turn on. There seems to be a bug in the recovery key method. I added my other Apple ID as a recovery contact and still got an error. Once I turned off the recovery key (which never said on even though it was) Advanced Data Protection turned on.
Did you solve this? My recovery key says it’s off but it’s actually turned on.
 