PCMag editors select and review products independently. If you buy through affiliate links, we may earn commissions, which help support our testing.

PCMag UK

Apple Expands End-to-End Encryption to iCloud Backups, Photos, and Notes

The move comes after Apple reportedly dropped plans to encrypt iCloud backups following a complaint from the FBI.

Michael Kan
 & Michael Kan Principal Reporter

Our team tests, rates, and reviews more than 1,500 products each year to help you make better buying decisions and get more from technology.

Our Expert
LOOK INSIDE PC LABS HOW WE TEST
65 EXPERTS
43 YEARS
41,500+ REVIEWS

Apple is fulfilling a long-time privacy request by expanding the end-to-end encryption found in iMessage to a variety of other data types, including iCloud backups, Photos, and Notes

The end-to-end encryption is arriving through an opt-in feature called “Advanced Data Protection,” which is available to US users today through Apple's Beta software program. 

Once enabled, the end-to-end encryption means not even Apple can access most of your iCloud content. Instead, only your enrolled devices—which contain the required encryption keys—will be able to access the information. Hence, hackers and even law enforcement will be prevented from reading the data unless they can physically steal your smartphone or laptop. 

“For users who opt in, Advanced Data Protection keeps most iCloud data protected even in the case of a data breach in the cloud,” Apple adds.

New Advanced Data Protection Types

According to a support document, new data types that can be protected with the feature include: 

  • iCloud Backup
  • iCloud Drive
  • Photos
  • Notes
  • Reminders
  • Safari Bookmarks
  • Siri Shortcuts
  • Voice Memos
  • Wallet Passes

On iCloud, the end-to-end encryption was previously only available to data types pertaining to your health information, credit card payments, Safari browser history, and passwords, among others. However, Apple had refrained from bringing the encryption to iCloud, Photos and Notes, which can contain plenty of other personal information on a user. 

The reason is likely because the FBI in 2018 complained that doing so risked undermining its investigation into suspected criminals, according to Reuters. Through subpoenas, US law enforcement agencies can compel tech companies to hand over a user’s personal data, such as emails and search histories.

Apple says it’s now decided to expand the end-to-end encryption from 14 data categories to 23, if a user opts into the Advanced Data Protection. “The only major iCloud data categories that are not covered are iCloud Mail, Contacts, and Calendar because of the need to interoperate with the global email, contacts, and calendar systems,” the company said. 

iCloud logo image

The company’s decision to expand the end-to-end encryption is bound to face criticism from the FBI. But in today’s announcement, Cupertino cited the growing threat from data breaches as a driver for needing the encryption.

Recommended by Our Editors

Motorola Crams 2-Day Battery Life Into an Impressively Thin Edge
Motorola Crams 2-Day Battery Life Into an Impressively Thin Edge
Apple WWDC 2026: How to Watch and What to Expect, Including iOS 27, Siri Updates, and More
Apple WWDC 2026: How to Watch and What to Expect, Including iOS 27, Siri Updates, and More
Surprise! Apple Just Boosted Trade-In Values. Here's How to Prep Your iPhone to Get the Max Payout
Surprise! Apple Just Boosted Trade-In Values. Here's How to Prep Your iPhone to Get the Max Payout

“Apple makes the most secure mobile devices on the market. And now, we are building on that powerful foundation,” says Ivan Krstić, Apple’s head of Security Engineering and Architecture.

That said, even with the Advanced Protection Feature activated, Apple notes it can still store some metadata on a user's iCloud activity, such as the "name, model, color, and serial number of the device associated with each backup." The company's support document has more details.

Apple plans on rolling out the Advanced Data Protection feature to all US users by the end of the year. It’ll then launch the system for customers globally in early 2023. To opt in, you have to go to the settings panel for iCloud.

There are some drawbacks with the end-to-end encryption. As Apple points out: "If you enable Advanced Data Protection and then lose access to your account, Apple will not have the encryption keys to help you recover it — you’ll need to use your device passcode or password, a recovery contact, or a personal recovery key."

That said, users can always turn off the end-to-end encryption.

Security Keys and iMessage Contact Key Verification

As part of today’s announcement, the company is also adding support for hardware-based security keys for Apple ID accounts early next year. 

How the security key feature works on an iPhone

"This feature is designed for users who, often due to their public profile, face concerted threats to their online accounts, such as celebrities, journalists, and members of government,” the company says. “For users who opt in, Security Keys strengthens Apple’s two-factor authentication by requiring a hardware security key as one of the two factors.”

In addition, the company created an "iMessage Contact Key Verification," which is designed to prevent elite hackers and spies from infiltrating your iMessage sessions. It works by warning you if an "unrecognized device" has been added to a contact's iCloud account during a chat.

the warning from the iMessage Contact Key Verification.

"Conversations between users who have enabled iMessage Contact Key Verification receive automatic alerts if an exceptionally advanced adversary, such as a state-sponsored attacker, were ever to succeed breaching cloud servers and inserting their own device to eavesdrop on these encrypted communications," Apple says. Expect the feature to also arrive next year.

About Our Expert

Michael Kan

Michael Kan

Principal Reporter

My Experience

I've been a journalist for over 15 years. I got my start as a schools and cities reporter in Kansas City and joined PCMag in 2017, where I cover satellite internet services, cybersecurity, PC hardware, and more. I'm currently based in San Francisco, but previously spent over five years in China, covering the country's technology sector.

Since 2020, I've covered the launch and explosive growth of SpaceX's Starlink satellite internet service, writing 600+ stories on availability and feature launches, but also the regulatory battles over the expansion of satellite constellations, fights with rival providers like AST SpaceMobile and Amazon, and the effort to expand into satellite-based mobile service. I've combed through FCC filings for the latest news and driven to remote corners of California to test Starlink's cellular service.

I also cover cyber threats, from ransomware gangs to the emergence of AI-based malware. In 2024 and 2025, the FTC forced Avast to pay consumers $16.5 million for secretly harvesting and selling their personal information to third-party clients, as revealed in my joint investigation with Motherboard.

I also cover the PC graphics card market. Pandemic-era shortages led me to camp out in front of a Best Buy to get an RTX 3000. I'm now following how the AI-driven memory shortage is impacting the entire consumer electronics market. I'm always eager to learn more, so please jump in the comments with feedback and send me tips.

The Best Tech I've Had:

  • My first video game console: a Nintendo Famicom
  • I loved my Sega Saturn despite PlayStation's popularity.
  • The iPod Video I received as a gift in college
  • Xbox 360 FTW
  • The Galaxy Nexus was the first smartphone I was proud to own.
  • The PC desktop I built in 2013, which still works to this day.

Read the latest from Michael Kan

Read full bio