iCloud Advanced Data Protection


iCloud already protects 14 sensitive data categories using end-to-end encryption by default, including passwords in iCloud Keychain and Health data. For users who enable Advanced Data Protection, the total number of data categories protected using end-to-end encryption rises to 23, including iCloud Backup, Notes, and Photos. The only major iCloud data categories that are not covered are iCloud Mail, Contacts, and Calendar because of the need to interoperate with the global email, contacts, and calendar systems.

“What happens on your iPhone, stays on your iPhone” is what Apple boasted on a massive billboard it plastered on the side of a building, for all to see, at CES 2019. Although the essence of the ad was accurate, the messaging always felt a tad hollow. You couldn’t repeat it in good faith without hanging a couple of asterisks on the end.

iCloud Advanced Data Protection closes that gap and makes good on Apple’s wide-reaching marketing push towards privacy in full. If you want to, you can now fully encrypt the most vital sensitive information: Photos and Messages, including as part of an iCloud backup. End-to-end encryption means no one has the key to read that data, except you in the form of your Apple ID password (or device passcode, as Apple lets users unlock access to their account that way too). No other manufacturer offers a comprehensive end-to-end encryption option. It’s a big deal.

I won’t be turning this on myself. I value the safety net of Apple Support in the event I ever somehow forget my password more than the (mostly theoretical) risk that some entity may one day get their hands on my iCloud data. I won’t be recommending my family members do this either, for the same reason. Of course, if you are a potential target of a malicious nation state, like a political activist or journalist, you will probably choose differently. That’s great. What matters is the option is there. It’s so important because iOS does not let any third-party service have low-level system access to offer an alternative cloud backup solution. iCloud Backup was the de facto only choice — aside from having no backup at all — and iCloud Backup was effectively an encryption backdoor … until now.

Apple has boldly presented Advanced Data Protection as a feature intended to roll out worldwide. Even if that is practically unrealistic, I am proud that Apple approached this the way they did. They are taking on the responsibility of countless legal battles and geopolitical angst. They could have negotiated this in private, but instead they are forcing the fight into the open. If end-to-end encryption ultimately isn’t available in a certain region, we’ll know who to blame.