If one doesn’t do iCloud backup right now, there are no keys for Apple to unlock.
If one turns off the new feature, I believe the user would have to do an iCloud backup before Apple had a key to unlock when compelled.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Apple Announces End-to-End Encryption Option for iCloud Photos, Notes, Backups, and More
- Thread starter MacRumors
- Start date
- Sort by reaction score
If one turns off the new feature, I believe the user would have to do an iCloud backup before Apple had a key to unlock when compelled.
This is great news and has been needed for a very long time. I'm not sure I understand the logic of leaving Calendars, Contacts, and iCloud to iCloud emails out of it. Surely they can add those and then perhaps a warning when someone's trying to share a Contact or Calendar that the shared item will not have full E2E encryption protection since it must now "interoperate with the global email, contacts, and calendar systems."
It's disappointing that this is only available/fully usable for people who are up to date on operating systems across all their devices. It'd be nice to see compatibility with older devices and operating systems, at least a couple versions back.
I'm hoping this is the beginning or Apple taking security and privacy much more seriously. Another great step to take would be applying Private Relay to all network connections. Would also be nice to see a user-friendly PGP integration for Mail.
It's disappointing that this is only available/fully usable for people who are up to date on operating systems across all their devices. It'd be nice to see compatibility with older devices and operating systems, at least a couple versions back.
I'm hoping this is the beginning or Apple taking security and privacy much more seriously. Another great step to take would be applying Private Relay to all network connections. Would also be nice to see a user-friendly PGP integration for Mail.
You have me here, after trying for years we no longer use iCould and don't expect to, ever.
You'd have to hope that when this launches, people are looking at what's being sent to the server.
Though I get your point - if the keys are sent as encrypted traffic, there's no way that no one could ever know that that is happening.
I hope that they let 3rd parties audit them - although being Apple, that's highly unlikely.
I have an iPhone 13 but keep my old 7 plus in case of an emergency where I lose or break my 13. Apple is punishing and restricting me for having an old backup that is still very functional.
Yep. I'm not sure they had any alternative without retrofitting the feature into updates for old versions of the operating systems.
I moved my old iPad Air 2, which I use on the nightstand, and our old 2012 Mac mini, that runs a backup video server, to an alternate Apple ID and added that ID to the family so that it can still access Apple Music, Apple TV+, etc. (But that took our last family slot.)
I also added that alternate Apple ID as a recovery contact for my primary Apple ID, presumably allowing me to "recover" my primary account from an older device. I'm not sure how that would work—if all of my active devices simultaneously blew up, where would the keys come from?—but I accepted the invitation on my Air 2 (sent via Messages and confirmed via a popup).
So they are not daily driver backups, because the devices won't have access to my iCloud data, but they may be useful as recovery devices.
As a practical matter, the recovery devices for my current devices are my other current devices (e.g. personal iPhone, work iPhone, iPad Pro, 2018 Mac mini).
Ha! Especially Google. Holy sh*t if you’ve never read the Google privacy policy, READ IT NOW. And have a lawyer present. Lol. What a scary document that is. In a nutshell, Google has absolutely full access to absolutely everything you store on Google servers, AND, they have the full right to, for example, RECORD KEYSTROKES pressed when using any of their apps. Literally.
Now, I’m not a lawyer, but I’m not terribly dumb either, and that’s how I understood those particular sections. That was as-of ~1.5 years ago. Perhaps Google has come to their senses more recently and improved the policy. It’s also possible my interpretation is incorrect, and I’m happy with being corrected if I’m mistaken, but that’s what I recall reading and interpreting.
But there’s more… for example, they reserve the right to use YOUR works (art, text, etc) created using Google apps in their for-profit business without compensating you or even informing you — in other words if you create something cool in Google Sketch-Up, and if for any reason the document is even temporarily stored on Google servers, they have a right to use your sketch in one of their advertising campaigns, for free. It’s horrifying to read. The keystroke recording thing nearly made be vomit. I can’t imagine MS has a worse privacy policy, but I suppose anything is possible.
If it's truly a back up phone and used only as "an emergency" then why not create a new Apple ID that is used solely on that phone and then it can still be functional if needed, but your main daily driver phone and all other devices can be encrypted as they can remain on iOS 16. An emergency phone wouldn't be used for long, just while the daily driver is being repaired, so the inconvenience should be minimal to having a new Apple ID. That will also ensure that only minimal information about you will be visible in iCloud overall then from the new Apple ID.
You could even go as far as create a Family in iOS and add the emergency phone to the family and share purchases from the main Apple ID with that and still be able to use them as well if that was a concern.
I appreciate your workaround but it's not the most ideal solution. Maybe I’m just salty that Apple stopped supporting such a highly functional phone and now they are making it even saltier with this restriction on it being able to work with E2E.
About time. This is fantastic news! I will be turning this on once it is available.
You're google privacy points are legit, but dude, Google sold Sketchup 10 years ago.
The fact that the FBI said they are worried about this feature tells me that I should enable it.
We're at the point now where I trust Mark Zuckerberg more than the US Government with my data.
We're at the point now where I trust Mark Zuckerberg more than the US Government with my data.
Agree wholeheartedly. I keep a lot of information in my contacts that could be used by hackers. Has it occurred to Apple that the seemingly innocuous family list in contacts, e.g., mother, father, grandmother, sister etc, could be used by nefarious actors, or law enforcement to access encrypted content from my account to access my messages/email sent to someone else's account via their unencrypted account? So they cannot get into my phone or iCloud account, but can get into my brother's account to retrieve the e-mails I sent to him? I'm not sure this makes sense, but it seems plausible that info from my Contacts might provide easy access to the information I encrypted but others did not. Am I wrong?
You're not wrong. But it's not trivial to enable real E2E for your contacts while still providing compatibility with CardDAV. Same with your calendar and CalDAV. If you have a look at how for example Proton solves this with their calendaring and contact list products, you will notice that, well... they don't really. They are more secure thanks to E2E but they lack the sharing and synchronization options possible with iCloud. It would be however good for the user to have more options here to find their right fit between security and convenience.
May have already been mentioned but this changes the behavior of using the icloud.com site. Certain apps such as photos, notes, files, etc. now require you to have a device with you to authenticate.
From the site:
Advanced Data Protection is On. iCloud.com doesn’t have access to display some of your data, including photos, notes, reminders, files, and documents. Select an app to allow access using your Apple device.
From the site:
Advanced Data Protection is On. iCloud.com doesn’t have access to display some of your data, including photos, notes, reminders, files, and documents. Select an app to allow access using your Apple device.
What, your suspicionometer doesn't peg when somebody says something really colossally foolish? Mine does! If you told me you like to smoke cigars with the pilot light out in your furnace, I'd kind of make it a point to NOT trust you. Ever. I hope you would do the same with me!
Gotta point out - what Apple says in its statement about this expanded offering of encryption - and the one thing gnawing at me since I own and use several legacy devices which will never run 16.2 - is this: “You must also update all your Apple devices to a software version that supports this feature.” Oh well. I MIGHT (if possible) activate device backups for three that are on/soon to be on 16.2. Asling as older gear can still do THEIR backups no problemo.![]()
Apple today announced it is expanding end-to-end encryption to many additional iCloud data categories on an opt-in basis for enhanced security.
![Apple-advanced-security-Advanced-Data-Protection_screen-Feature.jpg]()
iCloud already protects 14 data categories using end-to-end encryption by default, including the Messages app when backups are disabled, passwords stored in iCloud Keychain, Health data, Apple Maps search history, Apple Card transactions, and more, as outlined in this Apple support document. With the optional Advanced Data Protection feature, the number of iCloud data categories that use end-to-end encryption rises to 23.
Advanced Data Protection will be available on the iPhone, iPad, and Mac starting with iOS 16.2, iPadOS 16.2, and macOS 13.1 later this month and provides end-to-end encryption for the following additional iCloud categories:
Apple says the only major iCloud data categories that are still not protected by end-to-end encryption are Mail, Contacts, and Calendar because of the "need to interoperate with the global email, contacts, and calendar systems" that use legacy technologies.
- Device Backups and Messages Backups
- iCloud Drive
- Notes
- Photos
- Reminders
- Voice Memos
- Safari Bookmarks
- Siri Shortcuts
- Wallet Passes
Advanced Data Protection for iCloud is available to test starting with the latest iOS 16.2, iPadOS 16.2, and macOS 13.1 beta versions being released today. Apple says the optional security feature will be available to U.S. users by the end of the year and will start rolling out to the rest of the world in early 2023.
End-to-end encrypted iCloud data can only be decrypted on your trusted Apple devices where you're signed in with your Apple ID account, ensuring that the data remains secure even in the case of a data breach in the cloud. Not even Apple has access to the encryption keys, so if you lose access to your account, you can only recover the data using your device passcode or password, recovery contact, or recovery key. Users will be guided to set up at least one recovery contact or recovery key before they turn on Advanced Data Protection.
"Advanced Data Protection is Apple's highest level of cloud data security, giving users the choice to protect the vast majority of their most sensitive iCloud data with end-to-end encryption so that it can only be decrypted on their trusted devices," said Ivan Krstić, Apple's head of Security Engineering and Architecture. "For users who opt in, Advanced Data Protection keeps most iCloud data protected even in the case of a data breach in the cloud."
You can turn off Advanced Data Protection at any time. Upon doing so, your device will securely upload the required encryption keys to Apple servers, and your account will revert to a standard level of protection, according to Apple.
When Advanced Data Protection is enabled, access to your data via iCloud.com is disabled by default. Users have the option to turn on data access on iCloud.com, which allows the web browser and Apple to have temporary access to data-specific encryption keys.
Advanced Data Protection is designed to maintain end-to-end encryption for most shared iCloud content as long as all participants have Advanced Data Protection enabled, including iCloud Shared Photo Library, iCloud Drive shared folders, and shared Notes. However, Apple says iWork collaboration, the Shared Albums feature in Photos, and sharing content with "anyone with a link" do not support Advanced Data Protection.
For a more technical overview of Advanced Data Protection, read the iCloud security overview and the Apple Platform Security guide.
Article Link: Apple Announces End-to-End Encryption Option for iCloud Photos, Notes, Backups, and More
I get you. For me to enable it, I had to remove two Macs from my Apple ID an older iMac and my old 2012 MacBook Pro both which will never support the newer operating system but no worries as I don’t use those machines anyway but know where you are coming from.
So what is the technical rationale for not having this enabled on older Macs?
If I can use FileVault on them without issues, them why not encrypted iCloud?
I get it that they want to sell more equipment, but this is just lame.
MacOS is supported for at least three years after it is superseded by a new version, so there's no excuse.
If I can use FileVault on them without issues, them why not encrypted iCloud?
I get it that they want to sell more equipment, but this is just lame.
MacOS is supported for at least three years after it is superseded by a new version, so there's no excuse.
My experience:
After updating my iPhone, iPad, and MacBook the settings app said I had to update our Apple TV, and a HomePod mini. So... updated all of those and was able to switch the slider to On. It took 10 seconds and poof, on.
I've got about 196.1GB in iCloud so I imagine it'll take some time to encrypt that all but very cool. Very easy, very simple, and easy to do.
I also have no problem with iCloud.com not having access to some of my data (I left that off). I never use it. Really like having that option to turn off.
Now yeah it would be nice to have my own key but I can only imagine the support nightmare of allowing users to have their own key.... I'm kinda glad it's managed by Apple - one less thing I have to worry about and type in manually on each device. I like this migration to passkeys from passwords.
Pretty simple and easy. Happy customer here.
After updating my iPhone, iPad, and MacBook the settings app said I had to update our Apple TV, and a HomePod mini. So... updated all of those and was able to switch the slider to On. It took 10 seconds and poof, on.
I've got about 196.1GB in iCloud so I imagine it'll take some time to encrypt that all but very cool. Very easy, very simple, and easy to do.
I also have no problem with iCloud.com not having access to some of my data (I left that off). I never use it. Really like having that option to turn off.
Now yeah it would be nice to have my own key but I can only imagine the support nightmare of allowing users to have their own key.... I'm kinda glad it's managed by Apple - one less thing I have to worry about and type in manually on each device. I like this migration to passkeys from passwords.
Pretty simple and easy. Happy customer here.
Last edited:
I'll let y'll beta test this for us until it gets enabled here and use https://cryptomator.org/ in the mean time for iCloud Drive content 
Probably will still use it afterwards, but doesn't hurt to have multiple defenses.
Probably will still use it afterwards, but doesn't hurt to have multiple defenses.