Apple brings end-to-end encryption to iCloud with Advanced Data Protection

Apple has announced its plan to bring end-to-end encryption to iCloud in an effort to further protect its users from data breaches.

Once Advanced Data Protection becomes available, iPhone, iPad and Mac owners will be able to add extra protection to their sensitive data stored in the company’s cloud storage service. This is an optional feature and users will need to enable it themselves from the iCloud settings menu on their devices.

Apple devices running either iOS or iPadOS currently use a file encryption methodology called Data Protection, according to an Apple support document. Meanwhile, Intel-based Macs use a volume encryption technology called FileVault, while Macs powered by Apple silicon use a hybrid model that supports Data Protection.

iCloud already protects 14 sensitive data categories including passwords in iCloud Keychain and Health data using end-to-end encryption by default. Once Advanced Data Protection is enabled though, the number of protected categories will increase to 23 and include iCloud Backup, Notes and Photos. 

However, Advanced Data Protection won’t encrypt every data category as iCloud Mail, Contacts and Calendar need to be able to interoperate with other systems and services.

Head of security engineering and architecture Ivan Krstić provided further insight on Advanced Data Protection in a press release, saying: “Apple makes the most secure mobile devices on the market. And now, we are building on that powerful foundation. Advanced Data Protection is Apple’s highest level of cloud data security, giving users the choice to protect the vast majority of their most sensitive iCloud data with end-to-end encryption so that it can only be decrypted on their trusted devices.”

Making things more difficult for law enforcement

Offering enhanced security for user data stored in the cloud makes a lot of sense for Apple, especially when 1.1 billion personal records were exposed worldwide in 2021 as the result of data breaches according to a new white paper (PDF). However, the company’s new Advanced Data Protection feature may make things a lot more complicated for law enforcement.

In a report on this new feature, The Wall Street Journal highlights how Apple will no longer be able to provide iCloud phone backups after being requested to do so by law enforcement agencies. Even though the company has prevented the FBI and other government agencies from accessing encrypted data on the best iPhones, it has provided them with iCloud backup data in the past after being legally requested to do so.

Once Advanced Data Protection becomes generally available and iPhone users start enabling it, Apple will no longer have the ability to comply with these requests, which often include chat logs and attachments from iMessage. Law enforcement agencies in the U.S. and around the world will likely take issue with Advanced Data Protection, but how this feature will affect future investigations remains to be seen.

In a statement to The Washington Post though, the FBI expressed its concerns about the threat posed by end-to-end encryption, saying: “This hinders our ability to protect the American people from criminal acts ranging from cyber-attacks and violence against children to drug trafficking, organized crime and terrorism. In this age of cybersecurity and demands for ‘security by design,’ the FBI and law enforcement partners need ‘lawful access by design.’”

When will Advanced Data Protection be available?

Even though Apple just announced this new feature, Advanced Data Protection is already rolling out to Apple Beta Software Program members in the United States. This will give the company time to tweak and perfect the feature before it becomes generally available.

If you’re not in the Apple Beta Software Program, you’ll need to wait until the end of the year (which is approaching fast) to test Advanced Data Protection for yourself. After the feature is released in the U.S., it will begin rolling out to the rest of the world early next year. At that point, we’ll likely know a bit more about how it works and if there are any downsides to enabling Advanced Data Protection for iCloud.

Anthony Spadafora
Senior Editor Security and Networking
