Apple’s end-to-end iCloud encryption is a security game changer

Apple in December introduced three advanced security features focused on protecting against threats to user data in the cloud, representing the next step in its ongoing effort to provide users with even stronger ways to protect their data. With iMessage Contact Key Verification, users can verify they are communicating only with whom they intend. With Security Keys for Apple ID, users have the choice to require a physical security key to sign in to their Apple ID account. And with Advanced Data Protection for iCloud, which uses end-to-end encryption to provide Apple’s highest level of cloud data security, users have the choice to further protect important iCloud data, including iCloud Backup, Photos, Notes, and more.


Even prior to Apple’s announcement, iCloud already protected 14 sensitive data categories using end-to-end encryption by default, including passwords in iCloud Keychain and Health data. For users who enable Advanced Data Protection, the total number of data categories protected using end-to-end encryption rises to 23, including iCloud Backup, Notes, and Photos. The only major iCloud data categories that are not covered are iCloud Mail, Contacts, and Calendar because of the need to interoperate with the global email, contacts, and calendar systems.

Joseph Cox for Vice’s Motherboard:

“For years we’ve had to deal with the fact that an entire copy of our phone lives on a server that’s outside of our control. Now the data on that server is under our control. That’s really all that’s changed here,” Matthew Green, associate professor at Johns Hopkins University, told Motherboard in an online chat. “I think it’s an extremely important development.”

“The ability to have end-to-end encryption for cloud storage such that it is a personal vault to which only you hold the keys is a big step for Apple,” Alan Woodward, a cybersecurity professor at the University of Surrey, told Motherboard in an online chat. “It has been a bit of an alternate route for law enforcement in the past to obtain data that was stored on devices when users hadn’t quite realised it was being synchronised to iCloud. Closing the ‘loophole’ is doubtless going to bring some push back from law enforcement but clearly Apple believe it is something the customers want.”

MacDailyNews Take: By default, Apple’s iCloud secures your information by encrypting it when it’s in transit, storing it in an encrypted format, and securing your encryption keys in Apple data centers. In addition, many Apple services use end-to-end encryption; your information is encrypted using keys derived from your devices and your device passcode, which only you know. For the highest level of cloud data security, you can turn on Advanced Data Protection (iOS 16.2 or later required; available only in the U.S., currently).

With Advanced Data Protection enabled, not even Apple will be able to access the data when it’s stored on the company’s servers.

How to set up Advanced Data Protection for your iCloud data

Advanced Data Protection uses end-to-end encryption on more data categories such as the following:

• Device backup
• Messages backup
• iCloud Drive
• Notes
• Photos
• Reminders
• Safari bookmarks
• Siri Shortcuts
• Voice Memos
• Wallet passes

With Advanced Data Protection, your protected data can be decrypted only on your trusted devices, protecting your information even in the case of a data breach in the cloud. Not even Apple can access your information.

Before you turn on Advanced Data Protection, you’ll be guided to set up at least one alternative recovery method: a recovery contact or a recovery key. With Advanced Data Protection enabled, Apple doesn’t have the encryption keys needed to help you recover your end-to-end encrypted data. If you ever lose access to your account, you’ll need to use one of your account recovery methods — your device passcode or password, your recovery contact, or recovery key — to recover your iCloud data.

Your device passcode or password is the passcode on your iPhone or iPad, or the login password on your Mac that you set to protect your device and enable two-factor authentication. It’s also used to reset your Apple ID password and to recover your end-to-end encrypted data if you lose access to your account.

A recovery contact is a trusted friend or family member who can use their Apple device to help you regain access to your account and data. They won’t have any access to your account, only the ability to give you a code to help you recover your account. Learn more about recovery contacts.

A recovery key is a secret 28-character code that you can use, along with a trusted phone number and an Apple device, to recover your account and data. Learn more about recovery keys.
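The custody model described above (data decryptable only on trusted devices, Apple holding no key, recovery possible only through the passcode or the recovery key) can be made concrete with a small model. The following is an added illustration written for this page, not Apple's code: a toy authenticated cipher built from the Python standard library stands in for the real AES-based scheme, and the layout (a random data key wrapped once under a passcode-derived key and once under a recovery-key-derived key, with only the wrapped copies and ciphertext stored server-side) is an assumption chosen to show who can and cannot decrypt, not Apple's actual key hierarchy. The recovery-key alphabet is likewise an assumption; the page states only that the code is 28 characters long.

```python
"""Model of standard vs. end-to-end (Advanced Data Protection style) key custody.

Added illustration, not Apple's code. The cipher below is a stdlib-only toy
(HMAC-SHA256 keystream plus an HMAC tag) used only to show where the key lives;
use AES-GCM or similar in real systems.
"""
import hashlib
import hmac
import secrets
import string

NONCE_LEN, TAG_LEN = 16, 32


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode as a PRF keystream (toy construction)."""
    out = bytearray()
    block = 0
    while len(out) < length:
        out += hmac.new(key, nonce + block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1
    return bytes(out[:length])


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: returns nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    """Raises ValueError on a wrong key or a tampered blob; never returns garbage."""
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("wrong key or tampered data")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


def derive_key(secret: str, salt: bytes) -> bytes:
    """Passcode or recovery key -> 32-byte key; runs on the device, never the server."""
    return hashlib.scrypt(secret.encode(), salt=salt, n=2 ** 14, r=8, p=1, dklen=32)


def make_recovery_key() -> str:
    """28-character code as the page describes; the alphabet is an assumption."""
    alphabet = string.ascii_uppercase + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(28))


def wrap(secret: str, data_key: bytes) -> dict:
    """Encrypt the data key under a key derived from a user-held secret."""
    salt = secrets.token_bytes(16)
    return {"salt": salt, "blob": encrypt(derive_key(secret, salt), data_key)}


def unwrap(secret: str, wrapped: dict) -> bytes:
    return decrypt(derive_key(secret, wrapped["salt"]), wrapped["blob"])


def standard_protection(photo: bytes) -> dict:
    """Encrypted at rest, but the provider generates and keeps the key."""
    service_key = secrets.token_bytes(32)
    return {"blob": encrypt(service_key, photo), "service_key": service_key}


def advanced_protection(photo: bytes, passcode: str, recovery_key: str) -> dict:
    """Data key made on the device; the server stores only wrapped copies."""
    data_key = secrets.token_bytes(32)
    return {
        "blob": encrypt(data_key, photo),
        "wraps": {"passcode": wrap(passcode, data_key),
                  "recovery": wrap(recovery_key, data_key)},
    }


def provider_can_read(stored: dict) -> bool:
    """What the server alone (breach, insider, or legal demand) can recover."""
    key = stored.get("service_key")
    if key is None:
        return False                      # end-to-end: no usable key on the server
    decrypt(key, stored["blob"])
    return True


def unlock_with(stored: dict, secret: str, method: str) -> bytes:
    """Owner-side recovery: method is 'passcode' or 'recovery'."""
    data_key = unwrap(secret, stored["wraps"][method])
    return decrypt(data_key, stored["blob"])


if __name__ == "__main__":
    photo = b"constructed sample photo bytes"          # constructed sample input
    print("standard: provider can read ->", provider_can_read(standard_protection(photo)))
    rk = make_recovery_key()
    adp = advanced_protection(photo, "123456", rk)
    print("ADP: provider can read ->", provider_can_read(adp))
    print("ADP: passcode unlocks   ->", unlock_with(adp, "123456", "passcode") == photo)
    print("ADP: recovery key works ->", unlock_with(adp, rk, "recovery") == photo)
    try:
        unlock_with(adp, "000000", "passcode")
    except ValueError as err:
        print("ADP: wrong passcode     ->", err)
```

The point the model makes is the one the article's experts make: in the standard mode the server holds `service_key`, so anyone with server access reads the photo; in the end-to-end mode the server holds only ciphertext and two wrapped keys, and a wrong passcode fails closed with an authentication error rather than yielding data. It also shows why the recovery key is not optional: drop the `recovery` wrap and a forgotten passcode leaves nobody, Apple included, able to unwrap the data key.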

To turn on Advanced Data Protection for iCloud, you need:

• An Apple ID with two-factor authentication.
• A passcode or password set for your device.
• At least one account recovery contact or recovery key. If you don’t already have one, you’ll be guided to set one up when you turn on Advanced Data Protection.
• Updated software on all of the devices where you’re signed in with your Apple ID:
  – iPhone with iOS 16.2
  – iPad with iPadOS 16.2
  – Mac with macOS 13.1
  – Apple Watch with watchOS 9.2
  – Apple TV with tvOS 16.2
  – HomePod with software version 16.2
  – Windows computer with iCloud for Windows 14.1

Managed Apple IDs and child accounts are not eligible for Advanced Data Protection.

How to turn on Advanced Data Protection for iCloud:

You can turn on Advanced Data Protection on an iPhone with iOS 16.2, iPad with iPadOS 16.2, or a Mac with macOS 13.1. Turning on Advanced Data Protection on one device enables it for your entire account and all your compatible devices.

On iPhone or iPad:
1. Open the Settings app.
2. Tap your name, then tap iCloud.
3. Scroll down, tap Advanced Data Protection, then tap Turn on Advanced Data Protection.
4. Follow the onscreen instructions to review your recovery methods and enable Advanced Data Protection.

On Mac:
1. Choose Apple menu > System Settings.
2. Click your name, then click iCloud.
3. Click Advanced Data Protection, then click Turn On.
4. Follow the onscreen instructions to review your recovery methods and enable Advanced Data Protection.

WARNING: If you use Advanced Data Protection, you’re responsible for your data recovery. Because Apple won’t have the keys required to recover your data, you’ll need to have a Recovery Contact or Recovery Key set up on your account. You can use these additional recovery methods to regain access to your data if you ever forget your password or lose access to your account.

Note: If you choose to turn off Advanced Data Protection later, your iCloud data will revert to the standard level of security.


1 Comment

  1. A step in the right direction BUT leaving iCloud Mail, Contacts, and Calendar open means one is STILL very vulnerable.

    As Snowden has revealed, a lot can be known about you and your activities through meta-data, others you communicate with, or through their unprotected info.

    So, let’s not develop a false sense of security or privacy.
