Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

MacRumors

macrumors bot
Original poster
Apr 12, 2001
59,215
23,134


Apple today announced it is expanding end-to-end encryption to many additional iCloud data categories on an opt-in basis for enhanced security.

Apple-advanced-security-Advanced-Data-Protection_screen-Feature.jpg

iCloud already protects 14 data categories using end-to-end encryption by default, including the Messages app when backups are disabled, passwords stored in iCloud Keychain, Health data, Apple Maps search history, Apple Card transactions, and more, as outlined in this Apple support document. With the optional Advanced Data Protection feature, the number of iCloud data categories that use end-to-end encryption rises to 23.

Advanced Data Protection will be available on the iPhone, iPad, and Mac starting with iOS 16.2, iPadOS 16.2, and macOS 13.1 later this month and provides end-to-end encryption for the following additional iCloud categories:
  • Device Backups and Messages Backups
  • iCloud Drive
  • Notes
  • Photos
  • Reminders
  • Voice Memos
  • Safari Bookmarks
  • Siri Shortcuts
  • Wallet Passes
Apple says the only major iCloud data categories that are still not protected by end-to-end encryption are Mail, Contacts, and Calendar because of the "need to interoperate with the global email, contacts, and calendar systems" that use legacy technologies.

Advanced Data Protection for iCloud is available to test starting with the latest iOS 16.2, iPadOS 16.2, and macOS 13.1 beta versions being released today. Apple says the optional security feature will be available to U.S. users by the end of the year and will start rolling out to the rest of the world in early 2023.

End-to-end encrypted iCloud data can only be decrypted on your trusted Apple devices where you're signed in with your Apple ID account, ensuring that the data remains secure even in the case of a data breach in the cloud. Not even Apple has access to the encryption keys, so if you lose access to your account, you can only recover the data using your device passcode or password, recovery contact, or recovery key. Users will be guided to set up at least one recovery contact or recovery key before they turn on Advanced Data Protection.

"Advanced Data Protection is Apple's highest level of cloud data security, giving users the choice to protect the vast majority of their most sensitive iCloud data with end-to-end encryption so that it can only be decrypted on their trusted devices," said Ivan Krstić, Apple's head of Security Engineering and Architecture. "For users who opt in, Advanced Data Protection keeps most iCloud data protected even in the case of a data breach in the cloud."

You can turn off Advanced Data Protection at any time. Upon doing so, your device will securely upload the required encryption keys to Apple servers, and your account will revert to a standard level of protection, according to Apple.

When Advanced Data Protection is enabled, access to your data via iCloud.com is disabled by default. Users have the option to turn on data access on iCloud.com, which allows the web browser and Apple to have temporary access to data-specific encryption keys.

Advanced Data Protection is designed to maintain end-to-end encryption for most shared iCloud content as long as all participants have Advanced Data Protection enabled, including iCloud Shared Photo Library, iCloud Drive shared folders, and shared Notes. However, Apple says iWork collaboration, the Shared Albums feature in Photos, and sharing content with "anyone with a link" do not support Advanced Data Protection.

For a more technical overview of Advanced Data Protection, read the iCloud security overview and the Apple Platform Security guide.

Article Link: Apple Announces End-to-End Encryption Option for iCloud Photos, Notes, Backups, and More
 
Last edited:

samwa3

macrumors regular
Dec 5, 2018
161
122
Germany
Credit where credit is due. This sounds really good. Never thought I'd see the day where my iCloud Drive and Photos will be secured by E2E encryption.

Still, device-side scanning of my photos is NOT ok and this will not change anything about that issue. Well, that got sorted out apparently. Great!
 
Last edited:

antiprotest

macrumors 68040
Apr 19, 2010
3,116
8,409
Not even Apple has access to the encryption keys
Finally. Very lame and anti-privacy for them to have waited this long. This would be true e2e encryption. It will not only protect our data in transit, but also protect our data from hackers, and from phishing and social engineering targeted toward Apple's end -- which they have already succumbed to in at least several documented cases, including fake warrants. It should also protect us from illegal snooping by Apple's employees.

But as Apple has a long and glorious history of messing up cloud things, I would wait for others to turn this on first to make sure Apple doesn't mess up and nuke everything.

Also it might be safe to assume that Apple will turn on CSAM before or very soon after e2e is implemented.
 

Anappleaday29

macrumors newbie
Oct 14, 2022
20
30
google, microsoft, and governments all over the world right now:

View attachment 2124892
The WSJ informed me of this article before MR did.

They stated exactly what you said: “Apple Inc. is planning to significantly expand its data-encryption practices, a step that is likely to create tensions with law enforcement and governments around the world as the company continues to build new privacy protections for millions of iPhone users.”
Hehe
 

Unregistered 4U

macrumors G3
Jul 22, 2002
8,230
5,855
I do wonder how this will be implemented. Will my data have to be re-encrypted on Apples servers with the new key?

I may wait a while before turning this on to see how things go.
I’m guessing so. And, as I expected, they wen’t back to the drawing board to make this a user-by-user choice instead of encrypting all the data (which the government would never let them to without those CSAM checks). So, for folks that want full encryption and are not storing CSAM images, they can have their full encryption (and continue their history of not doing that specific illegal thing).
 
  • Like
Reactions: centauratlas
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.