(Credit: Apple)
People may have forgotten, but Apple would like remind the public that end-to-end encryption is available for their iCloud data to keep it protected from today’s cyber threats.
A year ago, the company began enabling end-to-end encryption for iCloud through a feature called Advanced Data Protection, which can prevent Apple itself from accessing most of the iCloud data stored in a user’s account. Instead, only the person's enrolled devices—which hold the encryption key—can view the data.
This end-to-end encryption can thwart cybercriminals from obtaining a user’s data through a breach, should it ever occur. The issue is that Apple first rolled out Advanced Data Protection through a beta software program before a mainstream iOS and macOS release. Hence, not all consumers may be aware of it.
On Wednesday, Apple held a briefing with journalists to reiterate the importance of bringing end-to-end encryption to iCloud storage. A company representative noted that many Apple users—including those who own iPhones on iOS 16.2 or later—now meet the minimum system requirements to activate the feature.
Apple is also highlighting the encryption when hacker-led breaches and ransomware attacks continue to scoop up massive amounts of user data each year, exposing victims to identity theft and other malicious schemes. Today, the company is publishing a study from MIT Professor Stuart Madnick that finds the number of data breaches has tripled over the past decade.
“The findings underscore that strong protections against data breaches in the cloud, like end-to-end encryption, have only grown more essential,” Apple says.
(Credit: Stuart Madnick )Advanced Data Protection won’t stop hackers from breaking into third-party platforms and stealing user data; the feature will only secure the user’s iCloud data. Still, Apple says that more companies are adopting end-to-end encryption in their own systems, which could help protect the entire IT ecosystem.
Apple created a support document that outlines how to turn on Advanced Data Protection. One notable requirement is that the user needs to ensure that all their Apple devices, including the Apple Watch and Apple TV, are running compatible software versions to enable the feature.
Advanced Data Protection also comes with some trade-offs. The support document notes: “With Advanced Data Protection enabled, Apple doesn't have the encryption keys needed to help you recover your end-to-end encrypted data. If you ever lose access to your account, you’ll need to use one of your account recovery methods—your device passcode or password, your recovery contact, or recovery key—to recover your iCloud data.”
By default, Apple’s iCloud will already use end-to-end encryption for 14 categories of user data. However, the Advanced Data Protection can increase the number of categories to 23, including for photos, iCloud Drive, iCloud Backup, along with notes and reminders. Only iCloud Mail, Contacts, and Calendar are exempt from the end-to-end encryption since all three are designed to work with legacy systems that don’t require such encryption.