Apple today announced that it will extend end-to-end encryption to 10 additional iCloud data categories to increase security.
iCloud already protects 14 data categories with end-to-end encryption by default, including the Messages app when backups are disabled, passwords stored in iCloud Keychain, Health data, Apple Maps search history, Apple Card transactions, and more, as described in this Apple Support document. The new Advanced Data Protection option brings the number of iCloud data categories that use end-to-end encryption to 23. Advanced Data Protection is available on iPhone, iPad, and Mac starting with iOS 16.2, iPadOS 16.2, and macOS 13.1. It will be available later this month and provides end-to-end encryption for the following additional iCloud categories:
- device backups and message backups
- iCloud Drive
- notes
- photos
- Memories
- voice notes
- Safari bookmarks
- Siri shortcuts
- wallet passes
Apple says the only major iCloud data categories not yet protected by end-to-end encryption are Mail, Contacts, and Calendar, as they must work with "the global email, contact, and calendar systems" that use older technologies. Advanced Data Protection for iCloud is available for testing with the latest beta versions of iOS 16.2, iPadOS 16.2, and macOS 13.1, released today. Apple says the optional security feature will be available to US users by the end of the year and will roll out to the rest of the world in early 2023.
Apple expands end-to-end encryption in iCloud
End-to-end encrypted iCloud data can only be decrypted on your trusted Apple devices where you are signed in with your Apple ID account, so it remains safe even in the event of a data breach in the cloud. Not even Apple has access to the encryption keys, so if you lose access to your account, you can only recover your data using your device passcode or password, recovery contact, or recovery key. Users are encouraged to set up at least one recovery contact or recovery key before enabling Advanced Data Protection. Ivan Krstić, Apple's Head of Security Engineering and Architecture, states:
Advanced Data Protection is Apple's highest level of cloud data security, allowing users to protect most of their sensitive iCloud data with end-to-end encryption so that it can only be decrypted on their trusted devices. For users who opt in, most iCloud data is protected with Advanced Data Protection even in the event of a data breach in the cloud.
You can turn off Advanced Data Protection at any time. When you do, your device will securely upload the necessary encryption keys to Apple's servers and your account will return to its normal level of protection, according to Apple.
Advanced Data Protection: There are exceptions
When Advanced Data Protection is enabled, access to your data via iCloud.com is disabled by default. Users have the option to enable data access on iCloud.com, which gives the web browser and Apple temporary access to data-related encryption keys. Advanced Data Protection is designed to maintain end-to-end encryption for most shared iCloud content, as long as everyone involved has Advanced Data Protection enabled, including shared iCloud Photo Library, shared iCloud Drive folders, and shared notes. However, Apple says that iWork collaboration, the Shared Albums feature in Photos, and sharing content with "anyone with a link" do not support Advanced Data Protection. For a technical overview of Advanced Data Protection, see the iCloud Security Overview and the Apple Platform Security Guide.



