Apple prides itself on being a privacy-first company, and when it comes to devices like iPhone and Mac, that’s true. But Apple’s iCloud backups were tangled in a mess of different encryption standards. Some things on iCloud, like your health data and passwords, are end-to-end encrypted. But a lot of stuff, like your notes, your photos, and your iMessages (when backing up to iCloud), aren’t. Apple now is starting to right this wrong, introducing a way to manually enable end-to-end encryption on many new data types.
What is Advanced Data Protection, and how does it work?
These changes come in the form of a new umbrella feature called Advanced Data Protection. Before Advanced Data Protection, only certain data types were encrypted end-to-end. Others were encrypted in transit to iCloud and when living on the iCloud server, but Apple always had the encryption key on hand should you need it. That’s convenient if you lose your password and need Apple to restore your data, but it’s a glaring privacy concern.
Once you enable Advanced Data Protection, it automatically encrypts device backups, message backups, iCloud Drive, Notes, Photos, Reminders, Safari bookmarks, Siri Shortcuts, Voice Memos, and Wallet Passes. That’s a lot of data that wasn’t end-to-end encrypted previously, most notably iMessages when backed up to iCloud.
Some categories like Mail, Contacts, and Calendar won’t be supported because “of the need to interoperate with the global email, contacts, and calendar systems,” according to Apple. In addition, there are limited amounts of data that won’t be end-to-end encrypted under categories that are end-to-end encrypted. You can see those items below:
- Name, model, color, and serial number of the device associated with each backup
- List of apps and file formats that are included in the backup
- Date, time, and size of each backup snapshot
- The raw byte checksums of the file content and the file name
- Type of file, and when it was created, last modified, or last opened
- Whether the file has been marked as a favorite
- Size of the file
- Signature of any app installers (.pkg signature) and bundle signature
- Whether a synced file is an executable
- The raw byte checksum of the photo or video
- Whether an item has been marked as a favorite, hidden, or marked as deleted
- When the item was originally created on the device
- When the item was originally imported and modified
- How many times an item has been viewed
- Date and time when the note was created, last modified, or last viewed
- Whether the note has been pinned or marked as deleted
- Whether the note contains a drawing or handwriting
- The raw byte checksum of content from an imported or migrated note
- Whether the bookmark resides in the favorites folder
- When the bookmark was last modified
- Whether the bookmark has been marked as deleted
Messages in iCloud
- When the last sync was completed and whether syncing has been disabled
- Date when content was last modified
- Error codes
- Type of message, such as a normal iMessage, SMS, or tapback
Another hitch: Advanced Data Protection only works on devices running iOS 16.2, iPadOS 16.2, and macOS 13.1. If you have devices that are stuck in older versions, you’ll have to remove them from the iCloud account. Currently, these OS updates are available in beta, and only for users in the U.S. The stable version will be out before the end of 2022, and global rollout will begin early in 2023.
You can try out Advanced Data Protection now by enrolling all devices on your Apple ID to these betas. While these betas are late in testing, and likely don’t have as many issues as earlier betas do, there’s still a risk in installing beta software on your device. If you’d rather skip the beta, you can wait for Apple to release these latest software versions later this month.
How to enable end-to-end encryption using Advanced Data Protection
Once you’re running iOS 16.2 on your iPhone (and with all other devices also on the latest version), you can enable Advanced Data Protection by going to Settings > iCloud > Advanced Data Protection.
Here, first, tap the Account Recovery button to set up a recovery system. This step is important because once you enable end-to-end encryption, Apple won’t be able to help if you lose access to your account login.
Make sure you set a recovery contact (a trusted person), and complete the authentication. Then, tap the Recovery Key button to copy the 28-digit recovery key for your iCloud account. Save this in a secure place. You can use this to recover your account and its data in case something goes wrong.
Now, go back to the iCloud section in Settings, and choose the Advanced Data Protection option. Here, enable the feature, walk through Apple’s steps, and you’re done.
[The Verge via Apple]
Read the full article here