Apple has long used end-to-end encryption for some of your iPhone’s information, like passwords or health data, but until recently the company neglected to offer a way to better protect other crucial data, including iCloud backups.
This came after years of a hard-fought battle that pushed Apple to encrypt backups. With advanced data protection, that extra security is now an option, but you have to activate it yourself. This is a huge win for user privacy, and sets a new bar for cloud device backup security.
What is data encryption on an iPhone?
Apple introduced Advanced Data Protection in the United States in December 2022 and launched it globally in January 2023. The idea is simple: You can now enable end-to-end encryption for data that was previously only encrypted in transit and on Apple servers, meaning that Apple itself could access the data.
In other words, you can now control the encryption keys and Apple will not be able to access any of this data. It also means that Apple won’t be able to help you regain access to most of your account information. The full list of data categories is available on Apple’s site, but the most notable ones include iCloud backup, which includes Messages backup, iCloud Drive, photos, notes, and reminders.
EFF first asked Apple to enable encrypted backups in 2019 because, while some of the data in iCloud is end-to-end encrypted, backups were not, and that meant that many different categories of data were vulnerable to government requests, third-party hacking, and disclosure by Apple employees.
How to enable advanced data protection
This was often a cause of confusion with Messages, where messages were end-to-end encrypted but backups were not. The potential for privacy issues was further complicated in 2021 when Apple proposed a client-side scanning backdoor for child sexual abuse material (CSAM), but it was delayed after EFF supporters and allies delivered a petition containing more than 60,000 signatures to Apple executives.
With Advanced Data Protection enabled, your backups and most important files get the benefit of end-to-end encryption, better securing your files against mass surveillance, dishonest Apple employees, or potential data leaks. If all your devices are compatible with the latest operating systems, you can activate Advanced Data Protection without losing any features, so most people should turn it on if they can.
You can enable Advanced Data Protection from an iPhone, iPad, or Mac, and it will apply to all other Apple devices you own.
But before you can activate it, you need to follow a couple of steps: enable two-factor authentication for your Apple account if you haven’t already, and update all your Apple devices to at least iOS 16.3, iPadOS 16.3, macOS 13.2, tvOS 16.3, or watchOS 9.3.
Devices with iCloud
If you have older devices connected to the iCloud account you’re enabling ADP on, and they can’t be updated, you may want to reconsider turning on Advanced Data Protection for now. If you can upgrade, follow these steps to turn on end-to-end encryption:
- On iPhone or iPad, open Settings; on Mac, open System Settings
- Tap your name, then iCloud
- Find “Advanced Data Protection” and then “Account Recovery”
- Here, you are offered two options for a recovery method. A recovery method lets you regain access to your account yourself, since Apple will not be able to help you.
You have to choose at least one recovery method:
Recovery Contact: This is a friend or family member who owns an Apple device and can help you regain access to your account if necessary.
They will not be able to access any of your data, but rather they will be able to send you a recovery code that will allow you to log back in. You can remove them from this same menu in the future, if necessary.
Recovery key: This is a 28-character code that lets you regain access to your account if necessary. Apple does not receive a copy, so if you lose it, you may lose access to your Apple account forever. If you choose this method, you will have to type the key a couple of times, so write it down. To turn it on:
- Go back to Settings, or System Settings on Mac
- Tap your name, then iCloud, then Advanced Data Protection
- Open the Account Recovery menu, press “Turn on Advanced Data Protection”, and follow the instructions.
- You will have to enter your phone’s PIN and, if you chose that recovery method, the recovery key.
Advanced data protection is not perfect
If you have an older device that cannot be updated to iOS 16.3 or later, Advanced Data Protection can only be enabled if you remove your Apple ID from that device. In many cases, this renders that device useless. For example, if you have an older Apple TV that can’t be updated, removing your Apple ID prevents you from accessing the App Store with it, which in turn prevents you from using Netflix, Hulu, and any other apps.
Apple should make this process easier, giving people the option to sign up for Advanced Data Protection without removing the Apple ID from older devices, even if that means cutting off access to certain sharing features, like iCloud Drive or Apple Photos.
However, all is not completely lost. For some devices, like an Apple TV or an older MacBook, a workaround for this quirk is to create a second Apple ID, then assign it as a family member in Family Sharing, which should pass through many of your subscriptions and App Store downloads, but will not give that device access to the types of data covered by Advanced Data Protection.
For example, you won’t be able to access your photo library, but you’ll still be able to access a Netflix subscription that you pay for through Apple (if you don’t pay for any subscriptions through Apple, you’ll have nothing to worry about). This can be a tedious process to set up. This solution won’t work for a device that relies more on synced data, like an Apple Watch.
Examples of Apple encryption
The way Apple handles data encryption across its apps and services is clear when you turn on Advanced Data Protection, but other apps don’t have the same clarity. Even if a third-party app uses iCloud sync features, its data may not always be end-to-end encrypted, and it’s not easy to figure out the behavior of a specific app without diving into forum posts or emailing the app developer directly.
It would be nice if there was some kind of visual indication of what is and is not end-to-end encrypted, and even better if Apple would end-to-end encrypt all sync data by default to leave no room for misunderstanding from the perspective of the app developer and the app user. Any apps that sync with your own servers or cloud storage will not fall under Advanced Data Protection at all.
Not everything you store in iCloud is covered by Advanced Data Protection. iCloud Mail, Contacts, and Calendar events are not end-to-end encrypted, and Apple still collects some metadata about backups, iCloud Drive files, photos, notes, bookmarks, and messages.
Whether something is encrypted or not can also be a bit confusing when sharing files and collaborating on documents. If everyone involved has Advanced Data Protection enabled, then in most cases, such as sharing a file or note, the content will be end-to-end encrypted.
But in some cases, as with certain kinds of collaboration, shared content is not end-to-end encrypted. Again, a visual indicator would help a lot in understanding what is and is not secured.
While it’s not perfect, Advanced Data Protection is the kind of feature we expect Google, Microsoft, and others to add in the future. It would be even better if this became Apple’s default. Either way, it’s a good step toward protecting your privacy.