Pshh I'll take it off your hands if you're just going to throw it in the trash
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Expanded iCloud Encryption Can't Be Enabled From New Apple Devices Right Away
- Thread starter MacRumors
- Start date
- Sort by reaction score
It’s a joke… I hoped it would come across that way.
I would really like the lock screen change for always on display, though. And whatever optimizations 16.2 has in store.
But I’m really happy with the 14 pro.
E2EE is a big deal and I'm going to use, but I will wait a little while to see how smoothly it goes for others. My personal Apple ecosystem has a lot of moving parts and I don't want to be the guy that discovers the 3 iPads and 2 Apple Watches on a single account trigger the unrecoverable data deleting bug.
The last bullet is where the logic breaks down.
Someone can compromise your account and sign in on an old device. Why would someone need to purchase a new device to compromise an account?
I would guess that the new device rule has nothing to do with new devices, but rather to artificially stagger the process of encrypting devices and accounts to reduce the load on iCloud services.
'New device' isn't clearly defined, so a device purchased one year ago can be considered 'new' for all intents and purposes.
I think it is specifically not allowing it to be turned on from any device newly added to your account if it is not already enabled. But an account with it already enabled would be no issue. This stops a hacker (or more likely an abuser) from adding a device to your account and locking you out of your data.
Does it matter which carrier the phone has been activated on?
That’s false. You can’t enable it at all if you either have a device added to your iCloud account that does not support iOS 16 or macOS Ventura or apparently a new device. If you have those devices, you have to remove them from your iCloud account first. All your devices have to jive because you won’t be able to use iCloud at all with any of those devices, the older ones or a recently added device. The case might be different if ADP is already enabled for your iCloud account and THEN get a new device.
Yeah that’s fair I guess. As I said, I think that a way to override the warning should be allowed, Apple must just be sure that the user is not enabling lightly this feature. But they could definitely do a better job of communicating the risk of not enabling the feature
They’d have to rotate the keys. Otherwise, Apple would still have access to the keys…
It doesn’t need to be a brand new device, just a device that was recently added to your iCloud account. If someone got your credential, signed into iCloud on their device, then enable ADP, they would have the recovery key and recovery contact and could remove your other devices from iCloud and lock you out.
Right, so it means a device newly associated with a certain Apple ID, and not a newly bought or manufactured device.
When I first read this I thought it meant newly made device, like the iPhone 14 series.
It doesn't matter if the device is new or old. What matters is how long the device that wants to enable advanced protection has been registered to the Apple ID.
So say I have a bunch of the usual Apple devices. iPhone, watch iPads ATV, etc. that are all newer but if I have one iMac that can't update to anything newer than Big Sur, doesn't that mean I can't enable this? I'm thinking I can't. RIGHT?
TIA
EDIT:
Got the answer two posts down. Thank you!
TIA
EDIT:
Got the answer two posts down. Thank you!
Last edited:
Well, they were stored in HSM so Apple wouldn't be able to access them without the user's passcode. But it's possible that they will still rotate the keys to also close that loophole.
Looks like it. But it's possible to use Macs without them being associated to an Apple ID (of course this means you could no longer use iCloud services under your main Apple ID). I also have an older Mac that doesn't support Ventura and I plan to just use it without iCloud going forward.
I think this is the wording my brain needed to definitively untangle how this is going to work. Thanks.
I don’t follow you… Perhaps it is due to multitasking with work…
But... If Apple didn’t have access to the keys before then this whole thing wouldn’t be needed as it would be E2E encrypted already. That’s the not case as they do have access to the key. Enabling this would require a new key that they don’t have access to and a rotation.
But perhaps you can explain what I’m missing here?
It kinda of sucks that the same update that gives us E2EE and requires us to take older devices off our iCloud account is also the same update that prevents AirDrop from staying open to everyone longer than 10 minutes making seamless file sharing between older devices a pain.
My understanding is that the encryption keys for services that weren't end-to-end encrypted so far were kept in HSMs, and could be unlocked once the user authenticates and thus provides the necessary credentials to Apple's servers. If they remove the code that sends (device side) or collects (server side) these credentials they would theoretically no longer be able to access the keys (since they are protected by HSMs). See:
iCloud encryption
Data encryption in iCloud is closely tied to the data storage model, starting with the CloudKit frameworks and APIs.
support.apple.com
Theoretically they could of course make copies of the keys before deleting them. To close that loophole, they could rotate the keys on the end devices after advanced encryption is enabled as you suggested. But I don't know exactly what they do.
You’re misunderstanding what Apole is describing here.
Apple is saying they store the keys inside “Hardware Security Modules” which is an Apple specific way of describing a key vault. Apple generates these keys and stores them in this vault which is industry best practice (meaning if you stole a server from the Apple Data Center you won’t be able to decrypt that data since you wouldn’t have the key) on key management and storage. That doesn’t mean that Apple doesn’t have access to this key. They do have access to it.
They all it an “after-authentication key” because they don’t send the key to the Apple device until the user authenticates. But Apple has access to this key so they don’t need anything from the user to decrypt data stored with it.
For this new model it will shift to being like the rest of the “E2EE” keys they explain in the paragraph above that one you read. Where the key is generated on device and stored there. They never make it to Apple’s servers and Apple has no way of accessing them.
If Apple simply sent your device their encryption key they wouldn’t be able to claim E2EE here.