Am I understanding this correctly? If I buy a new iPhone and add it to my Apple ID, I can't turn on the "Advanced Data Protection" feature to encrypt my iCloud backups for 60 days?

So if I have an iPhone 13, turn on "Advanced Data Protection" and encrypt my iCloud backups, and then next month, I buy a brand new iPhone 14 and copy my iPhone 13 over to it, does that mean my backups on the new iPhone 14 are now all of sudden unencrypted until I am allowed to turn on this feature again in two months?

This makes no sense.
All this means is you can't enable the feature on your account via a newly activated device. If you enable the feature on your account via the 13, you will have nothing to worry about when you get a 14 as the feature is already on.

All this prevents is malicious intent. If you don't have the feature enabled, and someone gains access to your credentials/account, without the activation lockout period they could theoretically sign in on a new device, enable the feature, and then lock you out of your own account for a ransom.
 
No, Advanced Data Protection is account-wide. If you're able to enable it on the iPhone 13, it will also be on the iPhone 14. But the waiting period still exists for new starts on new devices.

Thank you. This makes much better sense to me now. :cool:
 
What is the logic that says users are better protected by waiting to enable this feature? I'm confused by the reasoning for this.

My guess is to prevent a bad guy from adding a device to your iCloud account and then locking it down with encryption, changed passwords, etc.
 
Turning off and then turning on again should not automatically send keys to Apple,
meaning turn off ADP, then turning ADP back on again? Apple would receive a copy of your keys but destroy them again.

I guess if you're looking at it from the perspective of not uploading a copy of the keys to Apple, period, and trusting that they delete them? Sure, that's a valid concern. But if Apple is shown to be able to "recover" ADP-enabled accounts for whatever reason, then that's pretty bad.

edit: but we don't know if the encryption keys are rotated when ADP is enabled. I'd bet on this being the case so Apple wouldn't have a copy of the keys period. Again, assuming everyone is being true to their word.
 
edit - Ninja'd by Rigby. ;-) Definitely seems the reason with either 3rd party damage or extortion being the ultimate goal they're trying to prevent there, nicely thought out.

Does provide an interesting choice for the general user - don't turn it on and Apple can save you from yourself (recovering your data etc.), but at the risk of warrant-based access to your data - or you can turn this on and it's all on you. Whether your country does or does not have a relatively strong rule-of-law foundation would likely alter these calculations as well.
Good point on the extortion. Essentially this scenario would turn advanced protection into a form of ransomware. o_O "Pay me a zillion bitcoin to decrypt your data".
 
I can't even enable it now, it just spins. Maybe it'll be turned on when it's publicly released.

EDIT- Just did this now and now it says to update my Watch, Apple TV, and MB Pro to the latest versions before I can update. This is new and I guess I'll be turning it on next week.
 
Likely to save people from themselves. While encrypted iCloud is great, plenty of people are going to get royally burned by it when they forget stuff.
Could be another reason also, so the servers don't get immediately impacted by thousands of users running encryption processes. But I like the thought of malicious or careless parties being hindered from encrypting Apple ID parties' data.
 
Could be another reason also, so the servers don't get immediately impacted by thousands of users running encryption processes. But I like the thought of malicious or careless parties being hindered from encrypting Apple ID parties' data.
They don't need to encrypt data. It's already encrypted; they just change where the keys are stored (in HSMs in their data centers or on your devices). The technical foundation for this was designed years ago.
 
Could be another reason also, so the servers don't get immediately impacted by thousands of users running encryption processes. But I like the thought of malicious or careless parties being hindered from encrypting Apple ID parties' data.

Encryption is so well accelerated on modern processors that there is no extra “burden” from encryption.

Apple is encrypting at rest, but this will trigger a new encryption pass with new keys generated and unknown to Apple. The encryption will have to occur on device though otherwise Apple would need the keys. So that weight won’t be borne by Apple servers.
 
The FUD is strong in this thread.
  • If you have a device that’s been active for a while, you can turn it on.
  • If you turn it on, it’s on for ALL devices.
  • The reason you can't use a recently activated device is so that if someone compromises your account and signs in on a device, they can't lock you out of your data.
 
The FUD is strong in this thread.
  • If you have a device that’s been active for a while, you can turn it on.
  • If you turn it on, it’s on for ALL devices.
  • The reason you can't use a recently activated device is so that if someone compromises your account and signs in on a device, they can't lock you out of your data.
This needs to be the top post.
 
Encryption is so well accelerated on modern processors that there is no extra “burden” from encryption.

Apple is encrypting at rest, but this will trigger a new encryption pass with new keys generated and unknown to Apple. The encryption will have to occur on device though otherwise Apple would need the keys. So that weight won’t be borne by Apple servers.
All the data is already encrypted on the server, and has been for some time. All this does is move the keys from the server to the device.
 
What is the logic that says users are better protected by waiting to enable this feature? I'm confused by the reasoning for this.
My guess is this is to protect the backups of someone with a compromised account to give them time to act. Perhaps a similar threat to SIM swaps?
 
Encryption is so well accelerated on modern processors that there is no extra “burden” from encryption.

Apple is encrypting at rest, but this will trigger a new encryption pass with new keys generated and unknown to Apple. The encryption will have to occur on device though otherwise Apple would need the keys. So that weight won’t be borne by Apple servers.
I'm not sure if they actually rotate the keys. But if they do, they can space it out to prevent a spike of new iCloud Backup and Drive uploads.
 
Likely to save people from themselves. While encrypted iCloud is great, plenty of people are going to get royally burned by it when they forget stuff.
They already do.

Enabling a recovery code, forgetting the email, forgetting they used a fake name, DOB, fake location, fake number, passwords, etc.

Then they claim they never did any of that and would never do any of that. etc etc.

like people need to start writing **** down if they are going to do stupid ****.

This is just another tool for the paranoid and schizophrenic people of the world to lose all their ****.. THEN BLAME someone for stealing or HACKING them.
 