Apple today announced the expansion of end-to-end encryption to 10 additional categories of iCloud data on a voluntary basis to improve security.
iCloud already secures 14 category data using end-to-end encryption by default, including the Messages app when backup is disabled, passwords stored in iCloud Keychain, health data, Apple Maps search history, Apple Card transactions, and more, as outlined in this Apple support document. The new Advanced Data Protection option increases the number of iCloud data categories that use end-to-end encryption to 23.
Advanced data protection will be available on iPhone, iPad, and Mac starting with iOS. 16.2, iPadOS 16.2, and macOS 13.1 later this month and provides end-to-end encryption for the following additional iCloud categories:
- Device and Message Backups
- iCloud Drive
- Voice Notes
- Safari Bookmarks
- Siri Shortcuts
- Wallet Passes
Apple says the only major categories of iCloud data that are still not end-to-end encrypted are Mail, Contacts, and Calendar due to “the need to interoperate with global email, contacts, and calendar systems” that use legacy technology.
Enhanced Data Protection for iCloud is available for testing starting with the latest iOS 16.2. , iPadOS 16.2 and macOS 13.1 beta released today. Apple says the additional security feature will be available to users in the US by the end of the year and will start rolling out to the rest of the world in early 2023.
End-to-end encrypted iCloud data can only be decrypted on your trusted Apple devices that you're signed in to with your Apple ID account, ensuring data stays safe even in the event of a data breach in the cloud. Even Apple doesn't have access to the encryption keys, so if you lose access to your account, you can only recover with your device's passcode or password, recovery contact, or recovery key. Users will be prompted to set up at least one recovery contact or recovery key before they turn on Advanced Data Protection.
“Advanced Data Protection is Apple's highest level of cloud data security, giving users the ability to protect the vast majority of their most sensitive iCloud data is end-to-end encrypted so it can only be decrypted on their trusted devices,” said Ivan Krstic, Apple’s head of security and architecture. “For users who have opted in, Enhanced Data Protection keeps most of your iCloud data protected, even in the event of a data breach in the cloud.”
You can turn off Enhanced Data Protection at any time. Your device will then securely upload the required encryption keys to Apple's servers, and your account will revert to the default security level as per Apple.
When Enhanced Data Protection is enabled, access to your data transfers via iCloud.com is by default disabled. Users have the option to enable data access on iCloud.com, which allows the web browser and Apple to temporarily access data encryption keys.
Advanced data protection is designed to ensure uninterrupted data access. turn off encryption for most shared iCloud content if all members have advanced data protection turned on, including shared iCloud Photo Library, shared iCloud Drive folders, and shared notes. However, Apple says iWork collaboration, Shared Albums in Photos, and “anyone with the link” content sharing do not support Advanced Data Protection.
A more technical overview of Advanced Data Protection, see iCloud Security Overview and Apple Platform Security Guide.
Related Reviews: iOS 16, iPadOS 16, macOS VenturaRelated Forums: iOS 16, macOS Ventura[ 16 comments ]