Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Enable End-to-End Encryption for Your iCloud Backups

MacRumors

MacRumors

macrumors bot
Original poster
Apr 12, 2001
67,158
37,104


Apple's Advanced Data Protection for iCloud feature uses end-to-end encryption to provide the highest level of cloud data security that Apple offers. Here's everything you need to know about enabling it on your devices.

Apple-advanced-security-Advanced-Data-Protection_screen-Feature-Orange.jpg

The encrypted security feature gives you the choice to further protect your important iCloud data, including iCloud Backup, Photos, Notes, and more.

Apple's use of end-to-end encryption means the vast majority of your most sensitive iCloud data can only be decrypted on your trusted Apple devices where you're signed in with your Apple ID account, ensuring that the data remains secure even in the case of a data breach in the cloud. In other words, no-one – not even Apple – can access your data except you.

iCloud already protects 14 sensitive data categories using end-to-end encryption by default, including passwords in iCloud Keychain and Health data. For users who enable Advanced Data Protection, the total number of data categories protected using end-to-end encryption rises to 23, including iCloud Backup, Notes, and Photos.

Advanced Data Protection provides end-to-end encryption for the following additional iCloud categories:
  • Device Backups and Messages Backups
  • iCloud Drive
  • Notes
  • Photos
  • Reminders
  • Voice Memos
  • Safari Bookmarks
  • Siri Shortcuts
  • Wallet Passes
The only major iCloud data categories that are not covered are iCloud Mail, Contacts, and Calendar because of the need to interoperate with the global email, contacts, and calendar systems.

Crucially, Advanced Data Protection for iCloud is an opt-in feature, so you must enable it yourself using the steps below. Note that if you lose access to your account, you can only recover your data using your device passcode or password, a recovery contact, or a recovery key. (You will be guided to set up at least one recovery contact or recovery key before Advanced Data Protection is enabled.)

It's also worth bearing in mind that when Advanced Data Protection is enabled, access to your data via iCloud.com is disabled by default, although you will have the option to turn on data access on iCloud.com, which allows the web browser to have temporary access to data-specific encryption keys.

Before you enable Advanced Data Protection, you'll first have to update all your devices to the latest software versions, otherwise you'll have to remove these devices from your account as they won't support end-to-end encryption. Advanced Data Protection is available globally on the iPhone, iPad, and Mac, running iOS 16.3 or later, iPadOS 16.3 or later, and macOS 13.2 or later, respectively.

How to Enable Account Recovery on iPhone, iPad, and Mac

Before turning on Advanced Data Protection, you'll need to set up Account Recovery. This ensures you can recover your data if you forget your password.
  1. Open Settings on your iPhone or iPad (or System Settings on Mac), and then select your Apple Account banner at the top of the menu.
  2. Select iCloud.
  3. Select Advanced Data Protection.
    advanced-data-protection2.jpg

    Select Account Recovery.
  4. Add a Recovery Contact, and set a Recovery Key if desired.
    advanced-data-protection1.jpg

A recovery contact should be a trusted person such as a family member or friend who also owns an Apple device. They will receive recovery codes if you ever forget your password. If you opt to set a 28-character recovery key, you'll need to print it out and keep it somewhere safe, or store it in a password manager.

How to Enable Advanced Data Protection on iPhone, iPad, and Mac

Once Account Recovery is set up, you can enable Advanced Data Protection for iCloud Backups.
  1. Open Settings on iPhone or iPad (System Settings on Mac) and then select your Apple Account banner at the top of the menu.
  2. Select iCloud.
  3. Select Advanced Data Protection.
  4. Toggle on the switch for Advanced Data Protection to turn it on.
advanced-data-protection3.jpg


That's it. Your iCloud backups are now protected with end-to-end encryption.

You can turn off Advanced Data Protection at any time. Upon doing so, your device will securely upload the required encryption keys to Apple servers, and your account will revert to a standard level of protection.

Article Link: Enable End-to-End Encryption for Your iCloud Backups
 
Article Link
https://www.macrumors.com/how-to/enable-advanced-data-protection-icloud/
Last edited:
  • Like
Reactions: SFjohn, poorcody and JapanApple
I keep absolutely nothing of interest on my phone, no passwords, no banking or payment apps, no social media, but still keep this enabled, as should everyone.

At this point, it should be on by default, with a slew of warnings and "are you sure?" click boxes before disabling.
 
  • Like
  • Disagree
Reactions: RealE, mganu, newmacxc and 5 others
WarmWinterHat said:
I keep absolutely nothing of interest on my phone, no passwords, no banking or payment apps, no social media, but still keep this enabled, as should everyone.

At this point, it should be on by default, with a slew of warnings and "are you sure?" click boxes before disabling.
Click to expand...
Not everyone has your level of paranoia. None of the 10 things this encrypts do I care whatsoever if someone sees. I always wonder what people talk about when they chat on encrypted apps? Criminal activity? Sexting? What? Why does everything need to be encrypted? Some data needs to be encrypted for sure, but for most people, most of this doesn't need to be so having this ON by default, as you suggest, is not a good idea.
 
  • Disagree
  • Like
  • Love
Reactions: thefrost, chabig, Joe D33 and 17 others
DEMinSoCAL said:
Not everyone has your level of paranoia. None of the 10 things this encrypts do I care whatsoever if someone sees. I always wonder what people talk about when they chat on encrypted apps? Criminal activity? Sexting? What?
Click to expand...

The point is that no one should have to think about it. If it's enabled by everyone, always, and by default, then it becomes the norm. Your data should your business and yours alone, not available for marketing, curious people, companies or anyone else without a warrant.

I'm not particularly paranoid and don't think anyone is trying to get anything I have, I just don't like carrying data around with me and prefer a quieter and less connected life. My wife, on the other hand, is a prominent local attorney and has ran for office a few times..people have actively tried to get into her accounts, and routinely still do. It can be a battle with the fishing attempts, and she isn't tech savvy. She also doesn't use an iPhone, and doesn't like Apple devices.
 
Last edited:
  • Like
  • Disagree
  • Love
Reactions: thefrost, TJFDenver, mansplains and 8 others
DEMinSoCAL said:
Not everyone has your level of paranoia. None of the 10 things this encrypts do I care whatsoever if someone sees. I always wonder what people talk about when they chat on encrypted apps? Criminal activity? Sexting? What?
Click to expand...
The point is, it isn’t anyone else’s business. Doesn’t matter if I’m talking about my favorite movie or where I’m investing next week, you shouldn’t be able to see it if I didn’t send it to you.

This whole “if you’re doing nothing wrong what are you worried about?” Argument is specious at best.
 
  • Like
  • Love
  • Disagree
Reactions: RealE, swrobel, thefrost and 21 others
Is there any technical disadvantage of enabling advanced data protection, like slower data retrieval, etc?
 
I just tried to activate it on my partner’s iphone and it tells me that she needs to update her Windows iCloud app to the newest version. Though it is already the newest at 15.3. I understand this should work with Windows as well she is on windows 11. Does anyone have an idea whats wrong here?
 
Trausner said:
I just tried to activate it on my partner’s iphone and it tells me that she needs to update her Windows iCloud app to the newest version. Though it is already the newest at 15.3. I understand this should work with Windows as well she is on windows 11. Does anyone have an idea whats wrong here?
Click to expand...

It needs to be the version downloaded from the Microsoft App Store on Windows, and not the one from Apple's download pages.
 
I hate that Apple won’t let users with Monterey or older macOS enable Advanced Data Protection. Only Ventura, Sonoma, and Sequoia support it, so if your Mac can’t upgrade to those, you’re stuck.

My MacBook Pro runs Monterey, and every other device I own supports Advanced Data Protection, but because of one older device, I can’t turn it on unless I fully remove my MacBook Pro from my Apple ID, losing iCloud access on it. That’s just ridiculous.

Apple could have easily allowed this on older macOS versions, but instead, they’re forcing upgrades just to access a basic security feature that should be available by default.
 
  • Like
Reactions: Burnincoco and nt5672
DEMinSoCAL said:
Not everyone has your level of paranoia. None of the 10 things this encrypts do I care whatsoever if someone sees. I always wonder what people talk about when they chat on encrypted apps? Criminal activity? Sexting? What? Why does everything need to be encrypted? Some data needs to be encrypted for sure, but for most people, most of this doesn't need to be so having this ON by default, as you suggest, is not a good idea.
Click to expand...

For anyone interested, Wikipedia has well covered the "nothing to hide argument"

Link
 
  • Like
  • Love
Reactions: RealE, EedyBeedyBeeps, thefrost and 14 others
MacFin said:
I hate that Apple won’t let users with Monterey or older macOS enable Advanced Data Protection. Only Ventura, Sonoma, and Sequoia support it, so if your Mac can’t upgrade to those, you’re stuck.

My MacBook Pro runs Monterey, and every other device I own supports Advanced Data Protection, but because of one older device, I can’t turn it on unless I fully remove my MacBook Pro from my Apple ID, losing iCloud access on it. That’s just ridiculous.

Apple could have easily allowed this on older macOS versions, but instead, they’re forcing upgrades just to access a basic security feature that should be available by default.
Click to expand...
Apple could have easily allowed this

Sure? Why?
There are entire areas that can usually only be served with new operating systems and the latest hardware for resource reasons. In most cases, runtime problems also play a role. Or do you know operating systems better than I do?

As a developer, I primarily think about this. The wallet also plays an important role for Apple as a company with a brain, but in this case it is probably only secondary.
 
  • Like
Reactions: Skyuser
DEMinSoCAL said:
Not everyone has your level of paranoia. None of the 10 things this encrypts do I care whatsoever if someone sees. I always wonder what people talk about when they chat on encrypted apps? Criminal activity? Sexting? What? Why does everything need to be encrypted? Some data needs to be encrypted for sure, but for most people, most of this doesn't need to be so having this ON by default, as you suggest, is not a good idea.
Click to expand...
Since you don’t care about encryption I assume you’d be totally fine with sharing your complete medical history (physical and mental health included), your personal and business finances, your full browser history, every private conversation you’ve ever had (family drama, work discussions, all of it), your location, any legal matters you’ve been involved in (divorce, accidents, disputes, etc)?

I don’t get why you wouldn’t think anyone would not want to protect their personal data from hackers, corporations selling their information, government mass surveillance, identity theft, or even just nosy people who have no business knowing their private affairs? Clearly you think encryption is only for criminals and intimate conversation. Not like you know, useful for literally every person who doesn’t want their life to be an open book for strangers. But sure.. let’s just assume privacy is useless because you personally don’t think you need it. Great logic!

This should just be on by default really shouldn’t it.. without us even needing to even consider enabling it!
 
  • Like
  • Haha
Reactions: RealE, thefrost, TVreporter and 8 others
Maybe they should focus on giving us BACK our icloud storage that they messed up when we updated from ios 17.5 to ios 18.0. My icloud storage doubled for NO REASON when I updated my ios from 17.5 to 18.0. I have 25 contacts 1 photo 0 videos 0 music. I have iphone se 2022. It is now 195mb when originally it was 56mb. MAKE IT MAKE SENSE. APPLE WILL NEVER FIX THIS BUG. They also need to fix the messages bug where texts arent deleting from the server end. When u manually delete texts from recently deleted folder theyre suppose to delete from the server end. It usually takes up to 4 days to delete. ITS NOT DOING THIS. This has been a bug in ios 18.2 and its not fixed in 18.3 they will never fix this either.
 
  • Like
  • Haha
  • Wow
Reactions: TJFDenver, JMStearnsX2 and nt5672
WarmWinterHat said:
The point is that no one should have to think about it. If it's enabled by everyone, always, and by default, then it becomes the norm. Your data should your business and yours alone, not available for marketing, curious people, companies or anyone else without a warrant.

I'm not particularly paranoid and don't think anyone is trying to get anything I have, I just don't like carrying data around with me and prefer a quieter and less connected life. My wife, on the other hand, is a prominent local attorney and has ran for office a few times..people have actively tried to get into her accounts, and routinely still do. It can be a battle with the fishing attempts, and she isn't tech savvy. She also doesn't use an iPhone, and doesn't like Apple devices.
Click to expand...

As a friend of a high level Barrister, they have multiple attempts at phishing and hacking when doing big cases or when visiting certain countries. They don't have anything to hide but they likened it to having someone coming to snoop around your home unwanted every now and then.
 
  • Like
Reactions: gusmula, SFjohn, schneeland and 1 other person
WarmWinterHat said:
If you forget your password, or your account gets compromised, you are permanently locked out of you data without any chance of retrieval by Apple or otherwise.
Click to expand...
Isn’t this why you’re required to setup a recovery key or recovery contact though?
 
MacFin said:
I hate that Apple won’t let users with Monterey or older macOS enable Advanced Data Protection. Only Ventura, Sonoma, and Sequoia support it, so if your Mac can’t upgrade to those, you’re stuck.

My MacBook Pro runs Monterey, and every other device I own supports Advanced Data Protection, but because of one older device, I can’t turn it on unless I fully remove my MacBook Pro from my Apple ID, losing iCloud access on it. That’s just ridiculous.

Apple could have easily allowed this on older macOS versions, but instead, they’re forcing upgrades just to access a basic security feature that should be available by default.
Click to expand...
Give OCLP a try. I did that with my 12" 2107 MacBook (previously stuck with Ventura) and Sequoia is running very well.

OpenCore Legacy Patcher

Experience macOS just like before
dortania.github.io
 
Last edited:
  • Like
Reactions: mk313
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back