Apple Provides End-to-end Encryption For Most iCloud Services

Apple will provide end-to-end encryption for most iCloud services. The company had earlier shelved its plan to check on-device photos for illegal material prior to cloud synchronization.

This Wednesday Apple announced what it calls Advanced Data Protection. According to Ivan Krstić, Apple’s head of security engineering and architecture, the company will offer the highest level of cloud data security. Users will have a choice to protect vast and sensitive iCloud data with end-to-end encryption. This can only be decrypted on their trusted devices. 

Apple already offers end-to-end encryption for 14 iCloud services, including passwords in iCloud Keychain, Health data, and more. But the iBiz has not made E2E encryption broadly available across iCloud, preferring to retain access to a significant amount of customer data on company servers, an arrangement that has suited authorities. Authorities worry that broader encryption could leave them in the dark about potential threats.

One challenge for cloud services providers and Apple has been child sexual abuse material or CSAM. To address this problem, last year, Apple proposed scanning your photos as they get synced with the cloud.

The security community showed strong opposition to the idea of using people’s own devices against them. While Apple ultimately backed down, settling on communication safety tools deployed in iOS 15.2, there are still some individuals in Europe and the UK who support government-endorsed spyware to catch child abusers and terrorists.

Although data snooping has largely been motivated by well-intentioned parties, Apple’s commitment to comprehensive data protection standards may make the practice obsolete. Google Messages has been testing E2E encryption for group chats, and WhatsApp deployed E2E encryption for message backups last year. With Apple now making 23 separate data categories part of its offering, strong privacy protections are more of a market necessity than ever before.

When a user chooses to use Advanced Data Protection, their data will be encrypted with keys stored locally on the device. This means Apple will no longer have access to their personal data.

Apple explains in its documentation, “All CloudKit Service keys that were generated on the device and then uploaded to iCloud Hardware Security Modules (HSMs) in Apple data centers have been deleted from those HSMs and instead kept entirely within the account’s iCloud Keychain protection domain. They are handled like the existing end-to-end encrypted service keys, which means the Fruit Shop can no longer read or access these keys.”

Messages in iCloud are E2E encrypted unless you enable iCloud Backup. With Advanced Data Protection, that exception will no longer apply – everything inside the iCloud Backup, including the encryption key, is protected.

The security community is excited about Apple’s decision to establish broad E2E encryption for their services. Matthew Green, a cryptography professor at Johns Hopkins University, said the announcement is a big deal and will improve the privacy of Apple customers.

Apple recently announced that it will soon be implementing end-to-end encryption for iCloud backups in order to keep customers’ personal messages, documents, and data secure from hackers, law enforcement agencies, and Apple itself. Critics have warned against this move on the grounds that it will put people at risk, but the truth is that encrypting our content makes everyone safer.

Seeley George is quoted as saying, “This digital security has the potential to improve human rights and the quality of life across the globe.”

Apple will still be able to access some metadata and usage information about iCloud, but it will be encrypted with keys to which Apple has access. This includes file modification timestamps and checksums for file and photo data – hashes that can be useful for identifying illegal activity or assisting law enforcement.
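To make the key-handling change concrete, here is an added toy model (not Apple's code or documented API) of the split the article describes: content is sealed under a per-service key generated on the device, metadata such as timestamps and checksums is sealed under a key Apple holds, and the only difference between standard protection and Advanced Data Protection is whether the service key is wrapped for Apple's HSMs or for the device alone. The cipher is a constructed HMAC-SHA256 keystream-plus-tag stand-in for a real AEAD, and all keys and the sample record are generated inline.

```python
import hmac
import hashlib
import os

# Toy authenticated encryption from HMAC-SHA256 (keystream XOR + tag).
# Illustrative only; a real system would use AES-GCM or similar.
def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    out, ctr = bytearray(), 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return bytes(out[:n])

def seal(key: bytes, data: bytes) -> bytes:
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def open_box(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("wrong key or tampered data")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

def upload_record(content: bytes, service_key: bytes, metadata_key: bytes) -> dict:
    """Device side: content under the user's service key; timestamp and
    checksum under a key Apple holds, so the server can still read them."""
    meta = b"mtime=1670000000;sha256=" + hashlib.sha256(content).hexdigest().encode()
    return {"content": seal(service_key, content), "metadata": seal(metadata_key, meta)}

def wrap_service_key(service_key: bytes, mode: str, hsm_key: bytes, device_key: bytes) -> bytes:
    """'standard': service key wrapped for Apple's HSMs.
    'adp': wrapped only for the device's keychain protection domain."""
    return seal(hsm_key if mode == "standard" else device_key, service_key)

def server_view(record: dict, wrapped_key: bytes, hsm_key: bytes, metadata_key: bytes):
    """What Apple's servers can recover: metadata always, content only when
    the HSM can unwrap the service key (i.e. standard protection)."""
    meta = open_box(metadata_key, record["metadata"])
    try:
        content = open_box(open_box(hsm_key, wrapped_key), record["content"])
    except ValueError:
        content = None  # ADP: HSM no longer holds the key; content stays opaque
    return meta, content

def demo(mode: str):
    """Run one upload in the given mode and return (metadata, content_as_seen_by_server)."""
    hsm, dev, meta_key, svc = (os.urandom(32) for _ in range(4))
    record = upload_record(b"constructed sample photo bytes", svc, meta_key)
    return server_view(record, wrap_service_key(svc, mode, hsm, dev), hsm, meta_key)
```

Under "standard" the server sees both metadata and content; under "adp" it still sees the timestamp and checksum but cannot recover the content.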

Encryption is important for email, contacts, and calendars, but data from these services will not be fully protected. iCloud Mail and any other services that use encryption in transit and on the server will still have their data encrypted, just not end-to-end.

To enable Advanced Data Protection, you will need an Apple ID with two-factor authentication enabled and devices updated to iOS 16.2, iPadOS 16.2, macOS 13.1, tvOS 16.2, watchOS 9.2, or the latest version of iCloud for Windows. Users are also required to set up at least one recovery device in the event that they lose access to their account.

Apple also recently announced a feature that lets iMessage users verify who they are talking to in a conversation. It is designed to warn users if someone tries to add a device to their contact’s account in order to intercept messages. Additionally, there will be a new “Contact Verification Code” that can be compared over a secure call or in a face-to-face meeting to confirm the other party’s identity.

Apple users can also use a hardware security key for two-factor authentication. Advanced Data Protection for iCloud is currently available in the US to users participating in the Apple Beta Software Program; it will be made available to everyone in the US by the end of the year and rolled out globally in 2023.
