Apple on Wednesday announced a raft of security measures, including an Advanced Data Protection setting that enables end-to-end encrypted (E2EE) data backups in its iCloud service.
The headlining feature, when turned on, is expected to secure 23 data categories using E2EE, including device and message backups, iCloud Drive, Notes, Photos, Reminders, Voice Memos, Safari Bookmarks, Siri Shortcuts, and Wallet Passes.
The iPhone maker said the only major iCloud data categories that are still not protected by E2EE are Mail, Contacts, and Calendar because of the “need to interoperate with the global email, contacts, and calendar systems” that use legacy technologies.
Advanced Data Protection’s E2EE protections for iCloud also mean that users’ personal data can only be decrypted on their trusted devices, which retain the encryption keys.
“If you enable Advanced Data Protection and then lose access to your account, Apple will not have the encryption keys to help you recover it — you’ll need to use your device passcode or password, a recovery contact, or a personal recovery key,” Apple explains in a support document.
With the latest move, Apple has addressed a long-standing criticism that it holds the encryption keys to iCloud backups, thereby making the information vulnerable to data breaches, law enforcement requests, and even Apple’s own employees.
The use of encryption to safeguard user data has been inexorably intertwined with a challenge that’s referred to as “going dark,” wherein government agencies are hampered in their ability to gather incriminating digital evidence against serious crimes and other criminal investigations.
Alongside the news of expanded end-to-end encryption, Cupertino confirmed that it has abandoned its controversial plans for scanning messages for child sexual abuse material (CSAM) stored in iCloud Photos, according to reports from The Wall Street Journal and WIRED.
“Child sexual abuse can be headed off before it occurs,” Craig Federighi, Apple’s senior vice president of software engineering, was quoted as saying. “That’s where we’re putting our energy going forward.”
In a related security-themed upgrade, Apple is also expanding two-factor authentication for Apple ID with support for hardware security keys and is launching a new iMessage security feature called Contact Key Verification to ensure that “they are messaging only with the people they intend.”
The functionality, mainly geared towards journalists, human rights activists, and members of government, is designed such that automatic alerts are sent should a nation-state adversary successfully breach its cloud infrastructure and add a rogue Apple device to eavesdrop on the encrypted communications.
“And for even higher security, iMessage Contact Key Verification users can compare a Contact Verification Code in person, on FaceTime, or through another secure call,” the tech giant said, mirroring a similar feature offered by Signal.
It is, however, worth noting at this point that iMessage is an instant messaging platform exclusive to the Apple ecosystem, and is not compatible with other major operating systems like Android and Windows.
These lock-in barriers also means that the new security protections cease to apply when communicating with users of Android smartphones, in which case Apple’s Messages app delivers the chat content in the form of regular, unencrypted SMS messages.
The security features arrive nearly three months after Apple announced another optional feature called Lockdown Mode that is designed to protect iPhones and its other products against intrusions from state-backed hackers and commercial spyware.
Advanced Data Protection for iCloud is expected to be available to U.S. users by the end of the year with iOS 16.2, iPadOS 16.2, and macOS 13.1. The feature is set to be rolled out globally in 2023, alongside Security Keys for Apple ID and iMessage Contact Key Verification.
The upcoming iOS 16.2 update is also set to enforce an AirDrop limitation that was originally introduced in China with iOS 16.1.1, restricting wireless transfers from non-contacts in close proximity for only a period of 10 minutes in an effort to cut down on spam.