You Can Finally Encrypt These iCloud Backups

Apple prides itself on being a privacy-first company, and when it comes to devices like iPhone and Mac, that’s true. But Apple’s iCloud backups were tangled in a mess of different encryption standards. Some things on iCloud, like your health data and passwords, are end-to-end encrypted. But a lot of stuff, like your notes, your photos, and your iMessages (when backing up to iCloud), isn’t. Apple is now starting to right this wrong, introducing a way to manually enable end-to-end encryption on many new data types.

What is Advanced Data Protection, and how does it work?

These changes come in the form of a new umbrella feature called Advanced Data Protection. Before Advanced Data Protection, only certain data types were encrypted end-to-end. Others were encrypted in transit to iCloud and when living on the iCloud server, but Apple always had the encryption key on hand should you need it. That’s convenient if you lose your password and need Apple to restore your data, but it’s a glaring privacy concern.

Once you enable Advanced Data Protection, it automatically encrypts device backups, message backups, iCloud Drive, Notes, Photos, Reminders, Safari bookmarks, Siri Shortcuts, Voice Memos, and Wallet Passes. That’s a lot of data that wasn’t end-to-end encrypted previously, most notably iMessages when backed up to iCloud.

Some categories like Mail, Contacts, and Calendar won’t be supported “because of the need to interoperate with the global email, contacts, and calendar systems,” according to Apple. In addition, even within categories that are end-to-end encrypted, limited amounts of data won’t be. You can see those items below:

iCloud Backup

- Name, model, color, and serial number of the device associated with each backup
- List of apps and file formats that are included in the backup
- Date, time, and size of each backup snapshot

iCloud Drive

- The raw byte checksums of the file content and the file name
- Type of file, and when it was created, last modified, or last opened
- Whether the file has been marked as a favorite
- Size of the file
- Signature of any app installers (.pkg signature) and bundle signature
- Whether a synced file is an executable

Photos

- The raw byte checksum of the photo or video
- Whether an item has been marked as a favorite, hidden, or marked as deleted
- When the item was originally created on the device
- When the item was originally imported and modified
- How many times an item has been viewed

Notes

- Date and time when the note was created, last modified, or last viewed
- Whether the note has been pinned or marked as deleted
- Whether the note contains a drawing or handwriting
- The raw byte checksum of content from an imported or migrated note

Safari Bookmarks

- Whether the bookmark resides in the favorites folder
- When the bookmark was last modified
- Whether the bookmark has been marked as deleted

Messages in iCloud

- When the last sync was completed and whether syncing has been disabled
- Date when content was last modified
- Error codes
- Type of message, such as a normal iMessage, SMS, or tapback

Another hitch: Advanced Data Protection only works on devices running iOS 16.2, iPadOS 16.2, and macOS 13.1. If you have devices that are stuck on older versions, you’ll have to remove them from the iCloud account. Currently, these OS updates are available in beta, and only for users in the U.S. The stable version will be out before the end of 2022, and global rollout will begin early in 2023.

You can try out Advanced Data Protection now by enrolling all devices on your Apple ID to these betas. While these betas are late in testing, and likely don’t have as many issues as earlier betas do, there’s still a risk in installing beta software on your device. If you’d rather skip the beta, you can wait for Apple to release these latest software versions later this month.

How to enable end-to-end encryption using Advanced Data Protection

Once you’re running iOS 16.2 on your iPhone (and with all other devices also on the latest version), you can enable Advanced Data Protection by going to Settings > iCloud > Advanced Data Protection.

First, tap the Account Recovery button to set up a recovery system. This step is important because once you enable end-to-end encryption, Apple won’t be able to help if you lose access to your account login.

Make sure you set a recovery contact (a trusted person), and complete the authentication. Then, tap the Recovery Key button to copy the 28-digit recovery key for your iCloud account. Save this in a secure place. You can use this to recover your account and its data in case something goes wrong.

Now, go back to the iCloud section in Settings, and choose the Advanced Data Protection option. Here, enable the feature, walk through Apple’s steps, and you’re done.

[The Verge via Apple]
