iOS 16.3 Expands Advanced Data Protection Option For iCloud Encryption Globally (macrumors.com) 17
Apple today announced that Advanced Data Protection is expanding beyond the United States. MacRumors reports: Starting with iOS 16.3, the security feature will be available globally, giving users the option to enable end-to-end encryption for many additional iCloud data categories, including Photos, Notes, Voice Memos, Messages backups, device backups, and more. iOS 16.3 is currently in beta and expected to be released to the public next week.
By default, Apple stores encryption keys for some iCloud data types on its servers to ensure that users can recover their data if they lose access to their Apple ID account. If a user enables Advanced Data Protection, the encryption keys are deleted from Apple's servers and stored on a user's devices only, preventing Apple, law enforcement, or anyone else from accessing the data, even if iCloud servers were to be breached.
iCloud already provides end-to-end encryption for 14 data categories without Advanced Data Protection turned on, including Messages (excluding backups), passwords stored in iCloud Keychain, Health data, Apple Maps search history, Apple Card transactions, and more. Advanced Data Protection expands this protection to the vast majority of iCloud categories, with major exceptions including the Mail, Contacts, and Calendar apps. For more information, you can read Apple's Advanced Data Protection support document.
Re: (Score:3)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
The main issue I can see is that Apple's account recovery process is broken. I was reading a blog post about it: https://7c0h.com/blog/new/stol... [7c0h.com]
Seems that the system is flawed. Hopefully Apple can improve it, maybe with account recovery keys or something.
Re: (Score:2)
Re: (Score:2)
Yes, that's tricky. Now fact is that with my passcode you can get everything on my phone. A useful feature would be an alternative passcode: If someone goes to Apple either with your death certificate, or police if you have been kidnapped and them reading your phone is in your best interest, then someone at Apple types in the alternative passcode and the real passcode pops out.
Now doing this so legally Apple doesn't have to give it out to a search warrant, that's probably the hard part.
iOS (and likely iPadOS and macOS) now has a "Legacy Contact" setting, where you can set up someone who will be given access to your data in the event of your death. Your express consent is therefore given to that one entity.
I assume that using Custom Recovery Passwords effectively cancels this access. In that case, you need to use old-fashioned "shared secret" methods with your trustee. But I don't know that for sure.
I also assume it requires a certified copy of a death certificate, as well; but it is essent
Re: I know I'm being cynical... LEO access? (Score:3)
Seems like reality doesn't match up with your cynicism. Apple has a record of not unlocking phones for cops.
https://www.latimes.com/local/... [latimes.com]
Re: (Score:2)
What's in it for apple? (Score:2)
Re: (Score:2)
Marketing. There's a market for this product.
Why is Mail, Contacts, and Calendar Excepted? (Score:2)
Curious why these three will remain unencrypted.
Re:Why is Mail, Contacts, and Calendar Excepted? (Score:4, Insightful)
Presumably to enable web access to them. With ADP on, you need to have an Apple product to access your data - you will lose web access to iCloud. So things like photos and such will likely no longer be shareable with others through the website. This is a relatively minor loss of functionality that I bet few people actually use.
But e-mail can be fairly critical, and let's say your Mac or iPhone breaks. If you have ADP on, then you'd better have a backup of the key or you also lose access to your inbox and everything in it. And also, in the meantime, you can't access your e-mail.
Webmail access to email is pretty much standard nowadays, and to do that well, your email and contacts will need to be unencrypted. Since email and calendar stuff are usually tied together tightly, it makes sense to have calendar be accessible as well.
So I suspect the main reason is to avoid the chicken and egg problem where your iCloud account is completely locked out because your Apple product broke, and you're unable to access your email and other things that might have important details on getting that product fixed (e.g., warranty) or just having access to your email and calendar.
Plus, if you lose your key, losing access to your existing email would probably be a disaster for a lot of people because it's the only way they can recover passwords and such.
Because honestly, for a lot of people, I'm sure iCloud is probably their second email address they have after their ISP provided email address. Except iCloud isn't dependent on their ISP. (Sure, they could sign up for Hotmail/Outlook or Gmail or others, but iCloud is right there...).
Re: (Score:2)
Makes sense. Thank you.
16.3 release already available? (Score:1)
I just installed 16.3 (iOS & iPadOS) on my iPhone and my iPad mini 6 - both enrolled in Apple's public betas. It was not labelled as a Beta or an RC, so presumably it is the release pushed for testing by the wider user base.
Just FYI.