Apple finally adds end-to-end encryption to iCloud data
Apple has enhanced its security setup with a series of major security updates. Among them is 'Advanced Data Protection,' under which the company has expanded end-to-encryption to iCloud. End-to-end encryption for iCloud has been a long-standing demand of privacy advocates and users alike. Alongside Advanced Data Protection, Apple also announced iMessage Contact Key Verification and Security Keys.
Why does this story matter?
- Privacy and security are two words that have defined Apple for a long time. However, the lack of end-to-end encryption for iCloud backup data has remained a speck in the company's otherwise great privacy record.
- Apple has finally decided to change that. This is another win for Apple in the privacy column.
- It needs to be seen how law enforcement reacts to this update.
Only users will have access to end-to-end encrypted data
With Advanced Data Protection, Apple has expanded the number of "data categories" with end-to-end encryption from 14 to 23. iCloud backups are covered under this. If users decide to opt into Advanced Data Protection, their data can only be decrypted on their trusted devices where they have signed in with their Apple ID. Only users will have access to their iCloud data.
iCloud data wasn't safe from hacking
Prior to the rollout of Advanced Data Protection, iCloud backup data was at the mercy of Apple. Standard encryption provided the company access to any stored data of users. This also meant that law enforcement agencies could ask for iCloud data because it lacked end-to-end encryption. Or, in case of a hacker attack, the data was vulnerable to being stolen.
Apple's servers now can't access data on behalf of users
Advanced Data Protection makes the user the proprietor of their data. Only the user will have access to the encryption keys. Once the user enables it, Apple's servers won't be able to access data or modify iCloud settings on behalf of users. This is a huge upgrade from iCloud's one-layer encryption, which put iCloud data at the mercy of the company, regime, and hackers.
iCloud Mail, Contacts, and Calendar are not covered
It isn't just iCloud backup data that gets the benefit of Advanced Data Protection. Apple has extended the protection to device backups, messages backups, iCloud Drive, Notes, Photos, Reminders, Safari bookmarks, Siri Shortcuts, Voice Memos, and Wallet Passes. Only major categories not covered by the new option are iCloud Mail, Contacts, and Calendar, because of the interoperability factor.
Users need to set up two-factor authentication first
To enable Advanced Data Protection, users have to first set up two-factor authentication for their Apple ID and set a password/passcode on their devices. The device must also be updated to the latest available software. Remember, if you fail to set up a recovery method for Advanced Data Protection, your iCloud data is as good as lost.
Rest of the world will get the feature in 2023
Advanced Data Protection is only available to Apple Beta Software Program members now. By the end of this year, other users in the US will get the feature. Apple will start rolling out the feature to the rest of the world in early 2023.