Apple advances user security with powerful new data protections


For users who enable Advanced Data Protection, the total number of data categories protected using end-to-end encryption rises to 23, including iCloud Backup, Notes, and Photos. The only major iCloud data categories that are not covered are iCloud Mail, Contacts, and Calendar because of the need to interoperate with the global email, contacts, and calendar systems.

Advanced Data Protection for iCloud is available in the US today for members of the Apple Beta Software Program, and will be available to US users by the end of the year. The feature will start rolling out to the rest of the world in early 2023.

An overall interesting read, but imo the above is the important bit. It seems like iMessage backups will also be E2E encrypted using this feature. It’s good to see, but it’s about damn time.

This is such a big improvement for Apple users, but I’m also a bit skeptical when it comes to iMessage since, even though Apple will offer users the possibility to enable end-to-end encrypted iCloud backups for those, users have to enable them themselves, so it isn’t on by default. Thus, you still cannot trust that all of your contacts would choose to do that, and therefore other messenger services like Signal are still clearly a better option for those who are serious about their privacy.

I agree. Especially for me, since I use Apple Notes a lot.

The only major iCloud data categories that are not covered are iCloud Mail, Contacts, and Calendar because of the need to interoperate with the global email, contacts, and calendar systems.

Unfortunately, no Apple Calendar E2EE.

I’m not sure what the obstacle is on Apple’s end, but encrypting email, contacts, and calendar is literally what Proton does. There’s gotta be a way for Apple to do it, but we shall see.

I disagree with encrypting emails. Email itself is built on an insecure platform and there is no way to make it truly E2EE. Contacts allows you to add “Internet Accounts” and Calendar has link sharing features. Probably you could E2EE them, but it might hurt UX.

The fact that Apple added E2EE for so many iCloud services is a win for everyone. As Apple sets the standard on what secure (consumer) cloud backup looks like, this may pressure Google and Microsoft to implement such security features.


Apple notes that three important categories of data—contacts, emails, and calendar data—will still not be end-to-end encrypted, even with Advanced Data Protection for iCloud turned on. The company says that all three are difficult to lock down because they involve legacy protocols and must be in a format that allows them to interoperate with a host of third-party applications. In short, Apple doesn’t want to break your ability to use your favorite email client or calendar app. The three categories represent a body of extremely sensitive user data, though. When asked whether they will ever be end-to-end encrypted in iCloud, an Apple representative said there were no other announcements at this time, but that the company is always working to move forward.

source

Here is more info from the iCloud data security page:

  • iCloud Mail: iCloud Mail does not use end-to-end encryption because of the need to interoperate with the global email system. All native Apple email clients support optional S/MIME for message encryption.
  • Contacts and Calendars: Contacts and calendars are built on industry standards (CalDAV and CardDAV) that do not provide built-in support for end-to-end encryption.

I really like the security keys feature, as I really don’t like using a phone number to be tied to 2FA.

But does that mean if I create an Apple ID and I opt for a YubiKey, I won’t need a phone number? Is registering for an Apple ID without a phone number finally possible?

Proton also can’t integrate well with other systems, probably why they don’t use it.


Yes, this is the point that @404 also alluded to, which makes total sense. Proton is encrypting these services, but those services are also not plugging into a bunch of third-party apps that people are using. In a sense, Proton seems to have to lock down their ecosystem in order to provide encryption.

Hopefully, industry standards like CalDAV and CardDAV get built-in support for E2EE.

This sounds like really good news. I currently use Cryptomator with Google Drive for my cloud backups but I am on all Apple Devices.

I will give it a few months to see how the rollout goes, but will definitely keep a close eye on it and seriously consider using it myself. Seamless, constant E2EE backups that ‘just work’ :wink: sound amazing. But also almost too good to be true…

Just an update,
iOS 16.3 and macOS 13.2 expand the Advanced Data Protection option globally (it was US only before), alongside adding support for physical security keys.

This feature is not backward compatible. Therefore, any devices that use your Apple ID and iCloud must be running the most recent OS updates that include support for Advanced Data Protection. As for the reason:

Devices where the user is signed in with their Apple ID must be updated to iOS 16.2, iPadOS 16.2, macOS 13.1, tvOS 16.2, watchOS 9.2, and the latest version of iCloud for Windows. This requirement prevents a previous version of iOS, iPadOS, macOS, tvOS, or watchOS from mishandling the newly-created service keys by re-uploading them to the available-after-authentication HSMs in a misguided attempt to repair the account state.

Some are also facing issues when updating HomePod after setting up Advanced Data Protection. Here is a fix.

Other than that, it works pretty smoothly and you won’t see any difference (compared to Lockdown Mode). Highly recommend turning this on, or suggesting that those who use Apple devices turn it on.
