Apple today announced that it will extend end-to-end encryption to 10 additional iCloud data categories to increase security.
iCloud already protects 14 categories of data with end-to-end encryption by default, including the Messages app when backups are disabled, passwords stored in iCloud Keychain, Health data, Apple Maps search history, Apple Card transactions, and more, as described in this Apple support document. The new Advanced Data Protection option increases the number of iCloud data categories that use end-to-end encryption to 23. Advanced Data Protection will be available on iPhone, iPad, and Mac starting with iOS 16.2, iPadOS 16.2, and macOS 13.1, which will be released later this month, and provides end-to-end encryption for the following additional iCloud categories:
- device backups and message backups
- iCloud Drive
- notes
- photos
- Memories
- voice notes
- Safari bookmarks
- Siri shortcuts
- wallet passes
Apple says the only major iCloud data categories not yet protected by end-to-end encryption are Mail, Contacts, and Calendar, because they need to work "with the global email, contacts, and calendar systems" that use older technologies. Advanced Data Protection for iCloud can be tested with the latest beta versions of iOS 16.2, iPadOS 16.2, and macOS 13.1, released today. Apple says the optional security feature will be available for U.S. users by the end of the year, with a rollout to the rest of the world in early 2023.
Apple expands end-to-end encryption in iCloud
End-to-end encrypted iCloud data can only be decrypted on your trusted Apple devices where you are signed in with your Apple ID account, so even if the data stored in the cloud is compromised, it remains protected. Not even Apple has access to the encryption keys, so if you lose access to your account, you can only recover your data using your device passcode or password, a recovery contact, or a recovery key. Users are encouraged to set up at least one recovery contact or recovery key before enabling Advanced Data Protection. Ivan Krstić, Apple's Head of Security Engineering and Architecture, states:
Advanced Data Protection is Apple's highest level of cloud data security, allowing users to protect most of their sensitive iCloud data with end-to-end encryption so that it can only be decrypted on their trusted devices. For users who opt in, most iCloud data is protected with Advanced Data Protection even in the event of a data breach in the cloud.
You can turn off Advanced Data Protection at any time. When you do, your device will securely upload the necessary encryption keys to Apple's servers and your account will return to its normal level of protection, according to Apple.
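To make the difference between the two protection levels concrete, here is an added toy model (not Apple's code, protocol, or key hierarchy) of what the two preceding paragraphs describe: under end-to-end protection the server stores only ciphertext plus a copy of the data key wrapped under a user-held recovery key, so the service itself cannot decrypt; turning the feature off uploads the data key to the server, which restores the service's ability to read the data. The cipher is a constructed standard-library-only construction (SHA-256 counter keystream with an HMAC-SHA256 tag) chosen so the example runs anywhere, not a production AEAD, and the class and function names are this example's own.

```python
"""Toy model of standard vs. end-to-end ("advanced") cloud protection.

Conceptual illustration only, not Apple's actual design. Uses only the
standard library; the cipher is a toy SHA-256 counter-mode keystream with an
HMAC-SHA256 tag (encrypt-then-MAC), not a production AEAD.
"""
import hashlib
import hmac
import secrets

KEY_LEN, NONCE_LEN, TAG_LEN = 32, 16, 32


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = bytearray(), 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: returns nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    """Verify the tag first, then decrypt; ValueError on wrong key or tampering."""
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong key or corrupted data")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


class CloudServer:
    """What the service stores for one account (hypothetical model)."""

    def __init__(self):
        self.ciphertext = None
        self.wrapped_key = None   # data key sealed under the user's recovery key
        self.escrowed_key = None  # plaintext data key; present only in standard mode

    def service_can_read(self) -> bool:
        return self.escrowed_key is not None

    def read_as_service(self) -> bytes:
        # The service can decrypt only if it actually holds the data key.
        if not self.service_can_read():
            raise PermissionError("end-to-end encrypted: service holds no key")
        return unseal(self.escrowed_key, self.ciphertext)


class Device:
    """A trusted device that keeps the account data key locally."""

    def __init__(self, server: CloudServer):
        self.server = server
        self.data_key = secrets.token_bytes(KEY_LEN)

    def enable_advanced_protection(self) -> bytes:
        """Create a recovery key, park a wrapped data key on the server,
        and remove the server's plaintext copy. Returns the recovery key."""
        recovery_key = secrets.token_bytes(KEY_LEN)
        self.server.wrapped_key = seal(recovery_key, self.data_key)
        self.server.escrowed_key = None
        return recovery_key

    def disable_advanced_protection(self) -> None:
        """Turning the feature off: the device uploads the data key to the server."""
        self.server.escrowed_key = self.data_key
        self.server.wrapped_key = None

    def upload(self, plaintext: bytes) -> None:
        self.server.ciphertext = seal(self.data_key, plaintext)

    def read(self) -> bytes:
        return unseal(self.data_key, self.server.ciphertext)


def recover_with_recovery_key(server: CloudServer, recovery_key: bytes) -> bytes:
    """Recovery on a new device: unwrap the data key, then decrypt the data."""
    data_key = unseal(recovery_key, server.wrapped_key)
    return unseal(data_key, server.ciphertext)


def demo() -> dict:
    server, phone = CloudServer(), None
    phone = Device(server)
    recovery_key = phone.enable_advanced_protection()
    phone.upload(b"constructed sample note: dentist on Tuesday")  # constructed input
    result = {"service_can_read_under_adp": server.service_can_read()}
    result["device_reads"] = phone.read()
    result["recovery_reads"] = recover_with_recovery_key(server, recovery_key)
    try:
        recover_with_recovery_key(server, secrets.token_bytes(KEY_LEN))
        result["wrong_recovery_key_fails"] = False
    except ValueError:
        result["wrong_recovery_key_fails"] = True
    phone.disable_advanced_protection()
    result["service_can_read_after_disable"] = server.service_can_read()
    result["service_reads_after_disable"] = server.read_as_service()
    return result


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

Running `demo()` shows the server unable to decrypt while the feature is on, the device and the recovery key both able to, a wrong recovery key rejected by the authentication tag, and the service regaining read access once the key is uploaded. Real deployments replace the toy cipher with a vetted AEAD and hold the recovery material in hardware-backed storage; the point the model makes is only where the key lives in each mode.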
Advanced Data Protection: There are exceptions
When Advanced Data Protection is turned on, access to your data through iCloud.com is disabled by default. Users have the option to enable data access on iCloud.com, which gives the web browser and Apple temporary access to data-related encryption keys. Advanced Data Protection is designed to maintain end-to-end encryption for most shared iCloud content as long as everyone involved has Advanced Data Protection turned on, including shared iCloud Photo Library, shared iCloud Drive folders, and shared notes. However, Apple says iWork collaboration, the Shared Albums feature in Photos, and sharing content with "anyone who has a link" do not support Advanced Data Protection. For a technical overview of Advanced Data Protection, see the iCloud Security Overview and the Apple Platform Security Guide.