
MacRumors

macrumors bot
Original poster
Apr 12, 2001
59,215
23,137


Apple today announced that Advanced Data Protection is expanding beyond the United States. Starting with iOS 16.3, the security feature will be available globally, giving users the option to enable end-to-end encryption for many additional iCloud data categories, including Photos, Notes, Voice Memos, Messages backups, device backups, and more. iOS 16.3 is currently in beta and expected to be released to the public next week.


By default, Apple stores encryption keys for some iCloud data types on its servers to ensure that users can recover their data if they lose access to their Apple ID account. If a user enables Advanced Data Protection, the encryption keys are deleted from Apple's servers and stored on a user's devices only, preventing Apple, law enforcement, or anyone else from accessing the data, even if iCloud servers were to be breached.

iCloud already provides end-to-end encryption for 14 data categories without Advanced Data Protection turned on, including Messages (excluding backups), passwords stored in iCloud Keychain, Health data, Apple Maps search history, Apple Card transactions, and more. Advanced Data Protection expands this protection to the vast majority of iCloud categories, with major exceptions including the Mail, Contacts, and Calendar apps.

Advanced Data Protection first launched in the U.S. in December with iOS 16.2, and Apple said the feature would roll out to the rest of the world in early 2023, so the global expansion is on schedule. All of a user's devices must be updated to Apple's software versions that support Advanced Data Protection in their country to use the feature. Outside the U.S., this includes iOS 16.3, iPadOS 16.3, macOS 13.2, tvOS 16.3, and watchOS 9.3.

When Advanced Data Protection is enabled, access to iCloud.com is disabled by default. Users have the option to turn on data access on iCloud.com, which allows the web browser and Apple to have temporary access to data-specific encryption keys.

Advanced Data Protection is designed to maintain end-to-end encryption for most shared iCloud content, as long as all participants have Advanced Data Protection enabled, including iCloud Shared Photo Library, iCloud Drive shared folders, and shared Notes. However, Apple says iWork collaboration, the Shared Albums feature in Photos, and sharing content with "anyone with a link" do not support Advanced Data Protection.

For more information, read Apple's Advanced Data Protection support document.

Article Link: iOS 16.3 Expands Advanced Data Protection Option for iCloud Encryption Globally
 

Unregistered 4U

macrumors G3
Jul 22, 2002
8,240
5,866
Advanced Data Protection is designed to maintain end-to-end encryption for most shared iCloud content, as long as all participants have Advanced Data Protection enabled, including iCloud Shared Photo Library, iCloud Drive shared folders, and shared Notes. However, Apple says iWork collaboration, the Shared Albums feature in Photos, and sharing content with "anyone with a link" do not support Advanced Data Protection.
Glad they put this here, though I’m sure that in about 3 months a “security researcher” that needs to be noticed on social media is going to report that “Sharing content with ‘anyone with a link’ bypasses Apple’s ADP and ‘leaks’ all data shared that way. AND IT DOESN’T even MATTER if lockdown mode is enabled!!!”
 

Unregistered 4U

macrumors G3
Jul 22, 2002
8,240
5,866
This is long overdue! I certainly welcome end-to-end encryption, however remain curious about how well this will translate in real world usage. I.e. benefits of improved security/risk mitigation vs functionality and performance.
I think the biggest impacts are listed, those dealing with sharing indiscriminately, which makes sense. If you’re sharing specifically with someone else who also has it turned on, then you shouldn’t notice an issue or performance degradation.
 

kalafalas

macrumors 6502a
Aug 26, 2008
565
1,719
California
This is long overdue! I certainly welcome end-to-end encryption, however remain curious about how well this will translate in real world usage. I.e. benefits of improved security/risk mitigation vs functionality and performance.
I’ve had it enabled since launch day in the states and aside from having to sign out of iCloud on my ancient Mac mini, there has not been a single downside. And I am all-in on iCloud, I use drive for my files, photos, Apple Music, you name it.
 

Wildkraut

macrumors 68040
Nov 8, 2015
3,184
6,358
Germany
Not really. The iCloud accounts were not hacked, the users fell for phishing attacks, so they gave away their password themselves.
This is just one part of the story to put Apple in a better light. Apple allowed the attackers to brute force the iCloud access interfaces, making it easier to discover celebrities' passwords. Later Apple implemented access delays, account blocks on failed login attempts and 2FA.

Anyway, YES, Advanced Data Protection would have helped, because it disables the iCloud web access by default.
 

Wildkraut

macrumors 68040
Nov 8, 2015
3,184
6,358
Germany
Not good, they are still able to implement the controversial CSAM by having file checksums and the metadata, the Advanced Data Protection is half baked and still allows Apple to do privacy abusive stuff.


Encryption of certain metadata and usage information

Some metadata and usage information stored in iCloud remains under standard data protection, even when Advanced Data Protection is enabled. For example, dates and times when a file or object was modified are used to sort your information, and checksums of file and photo data are used to help Apple de-duplicate and optimize your iCloud and device storage — all without having access to the files and photos themselves. Representative examples are provided in the table below.
This metadata is always encrypted, but the encryption keys are still stored by Apple. As we continue to strengthen security protections for all users, Apple is committed to ensuring more data, including this kind of metadata, is end-to-end encrypted when Advanced Data Protection is enabled.

 

JonathanParker

macrumors member
Jul 1, 2021
43
86
Why can't I turn on Advanced Data Protection?
Latest macOS 13.2 RC beta and iOS 16.3 RC beta, but it's saying I need to update my Mac?
 

Steve01234

macrumors member
Jul 25, 2014
37
51
It also forced obsoleting of ALL old hardware they won't let run OS 13.2+ or iOS 16.2+.

My MBP 2016 stuck on OS 12.6.x must be removed from my iCloud account to enable this feature :mad: - go try it.

So that means at least Apple apps on that Mac won't get updates AFAIK, OS security updates probably for another year.

Maybe there is an installer patcher, but having done that with an old Intel tower that's now long gone, it was always a house of cards waiting for some OS update to mess the machine up.
 

Morgenland

macrumors 65816
May 28, 2009
1,478
2,210
Europe
Only a company that has power and influence and smarts can get things done around the world. And Apple is on the good guys' agenda so far. That's not a given in this world, I bow to Apple.

The other people with their 365 OS warez have nothing to lose because they own nothing.
 

mansplains

macrumors 6502a
Jan 8, 2021
793
1,219
I'll have to check whether recovery contacts are working properly now, I set this up on launch. When I invited my wife the day of, she didn't get a message on her end. I tried again a week later to no avail.
 

Wildkraut

macrumors 68040
Nov 8, 2015
3,184
6,358
Germany
It also forced obsoleting of ALL old hardware they won't let run OS 13.2+ or iOS 16.2+.

My MBP 2016 stuck on OS 12.6.x must be removed from my iCloud account to enable this feature :mad: - go try it.

So that means at least Apple apps on that Mac won't get updates AFAIK, OS security updates probably for another year.

Maybe there is an installer patcher, but having done that with an old Intel tower that's now long gone, it was always a house of cards waiting for some OS update to mess the machine up.
That’s the wonderful world of Apple ecosystem.

The carrot and stick approach!
 