Apple today announced that it will expand end-to-end encryption to 10 additional categories of subscription-based iCloud data to enhance security.
iCloud already protects 14 categories of data with end-to-end encryption by default, including the Messages app when backups are disabled, passwords stored in iCloud Keychain, health data, Apple Maps search history, phone transactions, Apple Card, and more, as described in this Apple Support document. With a new Advanced Data Protection option, the number of iCloud data categories that use end-to-end encryption increases to 23.
Advanced Data Protection will be available on iPhone, iPad, and Mac starting with iOS 16.2, iPadOS 16.2, and macOS 13.1 later this month and provides end-to-end encryption for the following additional iCloud categories:
- Device backups and message backups
- iCloud Drive
- Voice Memos
- Safari Bookmarks
- Siri Shortcuts
- Wallet passes
Apple says the only major categories of iCloud data not yet protected by end-to-end encryption are Mail, Contacts, and Calendar due to the “need to interoperate with the global email, contacts, and calendar systems” that use legacy technologies.
Advanced Data Protection for iCloud is available to try starting with the latest beta versions of iOS 16.2, iPadOS 16.2, and macOS 13.1 launching today. Apple says the optional security feature will be available to US users by the end of the year and will begin rolling out to the rest of the world in early 2023.
iCloud’s end-to-end encrypted data can only be decrypted on your trusted Apple devices where you’re signed in with your Apple ID account, ensuring that data remains secure even in the event of a data breach in the cloud. Not even Apple has access to the encryption keys, so if you lose access to your account, you can only recover your data using your device’s passcode or password, recovery contact, or recovery key. Users will be guided to set up at least one recovery contact or recovery key before enabling Advanced Data Protection.
“Advanced Data Protection is Apple’s highest level of cloud data security, giving users the option to protect the vast majority of their most sensitive iCloud data with end-to-end encryption so it can only be decrypted on their trusted devices,” said Ivan Krstić, Apple’s head of engineering and security architecture. “For users who opt in, Advanced Data Protection keeps most iCloud data protected even in the event of a cloud data breach.”
You can deactivate Advanced Data Protection at any time. By doing so, your device will securely upload the required encryption keys to Apple’s servers and your account will return to a standard level of protection, according to Apple.
When Advanced Data Protection is enabled, access to your data through iCloud.com is disabled by default. Users have the option to turn on data access on iCloud.com, which allows the web browser and Apple temporary access to data-specific encryption keys.
Advanced Data Protection is designed to maintain end-to-end encryption for most iCloud shared content, including iCloud Shared Photo Library, shared iCloud folders, iCloud Drive and shared notes, as long as all participants have Advanced Data Protection enabled. However, Apple says that iWork collaboration, the Shared Albums feature in Photos, and sharing content with “anyone with a link” are not compatible with Advanced Data Protection.
For a more technical overview of Advanced Data Protection, read the iCloud Security Overview and the Apple Platform Security Guide.