How do I enable end-to-end encryption in iCloud?


Advanced Data Protection secures the contents of your iCloud account as far as possible by preventing Apple from accessing it, even in an emergency. It is an optional setting.

In December 2022, Apple announced a revolution for iCloud. The service in charge of synchronizing and backing up Apple devices now supports end-to-end encryption. Concretely, this means that everything stored in iCloud becomes inaccessible without a key that Apple does not hold.

iCloud’s default behavior is to encrypt data while retaining the ability to recover it in an emergency using a key that Apple holds. End-to-end encryption, once activated, deprives Apple of this solution of last resort, giving the user full control over their data. Obviously, this is at their own risk: if they forget the password or lose their other devices, they can permanently lose access to the account.

By making iCloud one of the first major services to adopt end-to-end encryption, Apple is also taking the risk of alienating the authorities (without a back door, they cannot unlock a suspect’s device). For this reason, it is not the default behavior but an optional setting for people looking for maximum data protection.

Lots of requirements

Setting up end-to-end encryption isn’t easy. The option itself is easy to find (go to Settings > touch your name at the top of the list > select iCloud, then Advanced Data Protection), but enabling it requires several concessions.

To enable end-to-end encryption, you must first have set up a recovery method. Apple offers two:

  • Designate a trusted contact, such as a family member, who will have the authority to reactivate your account in the event of an emergency.
  • Generate a 28-character security key that you should write down on a piece of paper and then hide in a trusted place (one option is a password manager, which includes a secure area for notes). This code unlocks a blocked iCloud account.
Advanced data protection is accessible in the settings, provided you have iOS 16.3. // Source: Numerama screenshots

But that’s not all. Once end-to-end encryption is enabled, all Apple devices linked to your account must be up to date to keep working. Apple has chosen to block account encryption if a single device on the account is out of date or incompatible, which may force you to sacrifice old devices that do not support iOS 16.3, iPadOS 16.3 or macOS 13.2, the versions required to enable the feature.

Another limitation: end-to-end encryption disables access to iCloud.com. To access the portal, you must first give your consent on one of your devices (whereas iCloud.com normally lets you sign in to your account when you don’t have your device with you).

The number of required conditions is abnormally large. All it takes is one incompatible device at each stage to block everything. // Source: Numerama screenshots

Once you meet all the requirements, you can enable end-to-end encryption. Nothing changes in the user experience; iCloud continues to function normally.

Note that it is possible to deactivate the option. If Advanced Data Protection is turned off, the iPhone sends the encryption keys stored locally to Apple’s servers to restore the default behavior.
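The difference between the two modes described above (Apple holding a copy of the key by default, versus only the user holding it once Advanced Data Protection is on), the recovery key from the requirements list, and the re-escrow that happens when the option is turned off can be made concrete with a small model. The following is an added example written for this page, not Apple’s code, and it simplifies heavily: a stream cipher built from HMAC-SHA256 (a constructed toy, not Apple’s AES-based scheme) stands in for the real encryption, a Provider object stands in for Apple’s servers, the recovery key is derived into a wrapping key with PBKDF2 using a constructed salt, and only the recovery-key path is modelled (not the recovery contact). Names such as Provider, Device, can_read and recover_with_key are this example’s own.

```python
"""Toy model of two key-custody modes for a cloud backup (constructed example)."""
import hashlib
import hmac
import secrets
import string
from dataclasses import dataclass, field
from typing import Optional

NONCE_LEN, TAG_LEN = 16, 32


def _subkey(key: bytes, label: bytes) -> bytes:
    """Derive separate encryption and MAC keys from one root key."""
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode as a toy keystream (assumption: not a real cipher)."""
    blocks, counter = [], 0
    while sum(len(b) for b in blocks) < length:
        blocks.append(hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest())
        counter += 1
    return b"".join(blocks)[:length]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(NONCE_LEN)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("wrong key or tampered ciphertext")
    stream = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, stream))


def make_recovery_key() -> str:
    """28 random alphanumeric characters, shown in groups of four (display format is an assumption)."""
    alphabet = string.ascii_uppercase + string.digits
    raw = "".join(secrets.choice(alphabet) for _ in range(28))
    return "-".join(raw[i:i + 4] for i in range(0, 28, 4))


def key_from_recovery_key(recovery_key: str) -> bytes:
    """Turn the human-readable key into a wrapping key (constructed salt and iteration count)."""
    normalized = recovery_key.replace("-", "").upper().encode()
    return hashlib.pbkdf2_hmac("sha256", normalized, b"constructed-salt", 50_000)


@dataclass
class Provider:
    """Stands in for the cloud servers: ciphertext plus whatever key material they were given."""
    master_key: bytes = field(default_factory=lambda: secrets.token_bytes(32))
    blobs: dict = field(default_factory=dict)
    escrowed: dict = field(default_factory=dict)            # service keys the provider can open
    recovery_envelopes: dict = field(default_factory=dict)  # service keys only the recovery key opens

    def can_read(self, account: str, name: str) -> Optional[bytes]:
        """What the provider itself can recover: the plaintext in default mode, nothing under ADP."""
        wrapped = self.escrowed.get(account)
        if wrapped is None:
            return None
        service_key = decrypt(self.master_key, wrapped)
        return decrypt(service_key, self.blobs[(account, name)])


@dataclass
class Device:
    account: str
    provider: Provider
    service_key: bytes = field(default_factory=lambda: secrets.token_bytes(32))
    advanced_protection: bool = False

    def __post_init__(self) -> None:
        if not self.advanced_protection:  # default mode: provider keeps a copy of the key
            self.provider.escrowed[self.account] = encrypt(self.provider.master_key, self.service_key)

    def upload(self, name: str, data: bytes) -> None:
        self.provider.blobs[(self.account, name)] = encrypt(self.service_key, data)

    def download(self, name: str) -> bytes:
        return decrypt(self.service_key, self.provider.blobs[(self.account, name)])

    def enable_advanced_protection(self) -> str:
        """Requires a recovery method first; afterwards the provider's copy of the key is gone."""
        rk = make_recovery_key()
        self.provider.recovery_envelopes[self.account] = encrypt(key_from_recovery_key(rk), self.service_key)
        self.provider.escrowed.pop(self.account, None)
        self.advanced_protection = True
        return rk

    def disable_advanced_protection(self) -> None:
        """Turning the option off sends the locally held key back to the provider."""
        self.provider.escrowed[self.account] = encrypt(self.provider.master_key, self.service_key)
        self.provider.recovery_envelopes.pop(self.account, None)
        self.advanced_protection = False


def recover_with_key(provider: Provider, account: str, recovery_key: str) -> Device:
    """Regain access on a new device using only the written-down recovery key."""
    service_key = decrypt(key_from_recovery_key(recovery_key), provider.recovery_envelopes[account])
    return Device(account, provider, service_key, advanced_protection=True)
```

Running the model through the article’s sequence (upload in default mode, enable the option, lose the device, recover with the key, then disable the option) shows why the requirements matter: once the escrowed copy is dropped, the provider’s can_read returns nothing for any blob, a wrong recovery key fails authentication rather than yielding garbage, and disabling the option restores the provider’s ability to read the data.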

What data is protected by iCloud end-to-end encryption?

iCloud is not just a storage service, it is also the platform in charge of synchronizing all the data on your Apple devices. Several services are affected by end-to-end encryption:

  • System backups;
  • Messages (if iMessage synchronization is enabled);
  • iCloud Drive (Apple’s file storage service, as well as the platform that allows third-party applications to synchronize their data from one device to another);
  • Notes;
  • Photos;
  • Reminders;
  • Safari bookmarks and history;
  • Shortcuts;
  • Voice Memos recordings;
  • Wallet loyalty cards.
When encryption is enabled, the iCloud.com portal becomes inaccessible by default.  // Source: Numerama

Three services are missing from this list: email, contacts and calendars. This is because they rely on a protocol shared by the whole industry, which lets you synchronize your mail and contacts with applications other than Apple’s. The Californian brand explains that if this data were encrypted, it would become usable only on iPhones, iPads and Macs, which is not really desirable.
