
MacRumors

macrumors bot
Original poster
Apr 12, 2001
68,545
39,400


Apple today announced the launch of an Advanced Data Protection feature that expands end-to-end encryption to additional data stored in iCloud, including iCloud Backup, iCloud Drive, Reminders, Notes, and more. With the launch of the feature, Apple's Craig Federighi did a quick interview with The Wall Street Journal's Joanna Stern to discuss the change, and other new security features that are coming in the future.


Federighi said that expanding iCloud end-to-end encryption took a long time to implement because Apple needed to "build toward the moment" and prove the technology.
"Some of the steps we took over a decade ago designing iCloud and the way we encrypted were necessary precursors to build toward this moment, and using end-to-end encryption for the other types of data like passwords and browser history helped prove out that technology."
With end-to-end encryption expanding to most iCloud services, should an attacker get access to iCloud data, there would be no way to decrypt it. As a downside, it will prevent information from being accessible on iCloud.com, which is why it is an opt-in feature that can be enabled or disabled depending on the level of security and convenience each iPhone user desires.

As for data recovery, Federighi explains that a person who has Advanced Data Protection enabled and who loses access to their device and forgets their iCloud password would need to have established a recovery key or a Data Recovery Contact to get access to their content.
"A user activating this feature is taking on an additional responsibility. They're taking on responsibility for their data recovery, from setting up a Data Recovery Contact or securing a recovery key. All users might not be ready or willing to do that."
Advanced Data Protection will not allow law enforcement officials to access data like iCloud backups or photos, something that is possible now with unencrypted iCloud backups. When asked if Apple considered this when implementing Advanced Data Protection, Federighi basically said that the benefits outweigh the negatives as it provides protection to government officials who might be targeted by foreign adversaries.
"We deeply appreciate the work of law enforcement and support the work of law enforcement. We view that we really have the same mission at heart, which is to keep people safe. Ultimately keeping customers' data safe has big implications on our safety more broadly. There's sensitive information that were an ill-intentioned attacker, whether that be a foreign adversary or organized crime, to get access to information of our political leaders or others who have particular secrets, or access to systems, would be a disaster for us all.

"We see this as important to accomplishing the mission we share, which is to keep users safe."
Federighi said that rumors that iCloud backups were once scrapped because it would harm law enforcement investigations were untrue, and that the impact on law enforcement was not a consideration when implementing Advanced Data Protection. Federighi said the only way to keep customer data safe is to stay "one step ahead" of the attackers with features like Advanced Data Protection.

Federighi's full interview can be watched up above, and more information on Advanced Data Protection can be found in our dedicated article on the feature. Apple today also announced new iMessage and Apple ID security enhancements, and said that it had scrapped plans to detect known Child Sexual Abuse Material stored in iCloud Photos.

Article Link: Apple's Craig Federighi Discusses Expanded iCloud End-to-End Encryption
 
The secret is

a-beautiful-mind.jpg
 
This is a really big, surprising move from Apple, probably part of the reason for dropping CSAM, but I have this feeling that the government no longer needs these keys because of the advances in quantum computing. :cool:
Google now it is your turn, Apple called your bluff.
 
On a serious note, with anything really worth keeping private, I use GPG before uploading to the cloud. I used to keep sensitive local files encrypted as well (likely overkill now?) and have been using GPG (PGP even before Symantec bought it) since the late 90's.

There are probably more seamless ways to do it, but this forces me to keep it in mind.

Wait what is that black helicopter doing outside my window? Knock, knock Neo.


Pretty Good Privacy (PGP) is an encryption program that provides cryptographic privacy and authentication for data communication. PGP is used for signing, encrypting, and decrypting texts, e-mails, files, directories, and whole disk partitions and to increase the security of e-mail communications. Phil Zimmermann developed PGP in 1991.

 
I guess they must’ve found a way to do E2E encryption with government backdoors that they feel are secure (or obfuscated) enough to be undetectable. Maybe they’ll just compromise targeted devices/accounts by hidden firmware updates or something.

Apple is after all an American company subject to U.S. surveillance laws.

They just won’t allow a company (service) the size of Apple (iCloud) to provide true end-to-end encryption to everyone over the mid to long term. And most of it is shrouded in secrecy and guarded by gag orders issued by secretive agencies and secret laws legally interpreted by secret courts.
 
The secret is

Would be funny if they encrypted so well that the sender and recipient also saw that gobbledygook.
 
On a serious note, with anything really worth keeping private, I use GPG before uploading to the cloud. I used to keep sensitive local files encrypted as well (likely overkill now?) and have been using GPG (PGP even before Symantec bought it) since the late 90's.

Wait what is that black helicopter doing outside my window? Knock, knock Neo.




I did the same when I made a backup to AWS Glacier. If I remember correctly they wanted to charge for E2E - hahaha - no!
 
Q: "What took so long?"
A: "Some of the steps we took over a decade ago in designing iCloud and the way we encrypted were necessary precursors to build toward this moment. And using end-to-end encryption for the other types of data, like passwords, and browser history and so forth helped prove out that technology"

A decade to prove out end-to-end encryption technology that was already working on iCloud for other data?

Nonetheless, better late than never.
 
It's honestly about time. Unfortunately, our friends in China won't get to enjoy this new encryption.

I wouldn’t be too sure. The interviewer explicitly asked Craig about that, and, though he didn’t promise, he made clear that, as of today, Apple intends this to be a worldwide feature, including in China.

Of course, there’s still plenty of time for China to object.

At that point, we’ll see how committed Apple is, and also how determined China is. However it plays out, it’ll be revealing.

b&
 
This makes Apple another end-to-end encrypted cloud provider and easier to work with. There are others:



Apple will finally be adding end-to-end encryption to iCloud backups, the company said as part of a major set of security announcements on Wednesday. Under what it calls Advanced Data Protection, Apple will expand the number of “data categories” protected by end-to-end encryption from 14 to 23, with backups, Notes, and Photos now covered.
Based on a screenshot from Apple, these categories are covered when you flip on Advanced Data Protection: device backups, messages backups, iCloud Drive, Notes, Photos, Reminders, Safari bookmarks, Siri Shortcuts, Voice Memos, and Wallet Passes. Apple says the only “major” categories not covered by Advanced Data Protection are iCloud Mail, Contacts, and Calendar because “of the need to interoperate with the global email, contacts, and calendar systems,” according to its press release.



Apple_advanced_security_Advanced_Data_Protection.jpg
 