In early December, Apple made a surprise announcement: Advanced Data Protection for iCloud. It’s not as though iCloud’s standard data protection is problematic, but it hinges on one architectural decision that makes some iCloud data theoretically vulnerable: Apple holds the encryption keys necessary to decrypt iCloud data. Because Apple controls those encryption keys, an attacker or rogue Apple employee who could gain access to them could theoretically steal iCloud data. (There are many more safeguards; it’s not like there’s a big printout of keys anywhere.) Plus, since Apple has the technical capability to read that data, law enforcement agencies could legally compel Apple to hand it over.
Not all iCloud data is vulnerable in this way. Of the 26 types of iCloud data, 14 already support end-to-end encryption, where you control the encryption keys. That’s true of Health data, Passwords and Keychain, Apple Card transactions, and so on. You may not realize you’re managing these keys because Apple has baked that into the security architecture of its overall ecosystem. Apple hadn’t previously extended end-to-end encryption to more iCloud data types because doing so prevents Apple’s support engineers from recovering accounts for users who forget their passwords. Even when Apple can recover an account, the end-to-end encrypted data isn’t included.
Advanced Data Protection increases security by extending end-to-end encryption to 9 of the remaining 12 iCloud data types. Those include iCloud Backup, iCloud Drive, Photos, Notes, Reminders, Safari Bookmarks, Siri Shortcuts, Voice Memos, and Wallet passes. But if you turn on Advanced Data Protection and forget your password, Apple won’t be able to help you recover your data.
Apple isn’t being cavalier about this risk. When you enable Advanced Data Protection, you must set up an alternate recovery method, preferably two or more. The simplest is a printed recovery key that you should store with other important papers, such as where you keep birth certificates, and the other is an account recovery contact, a trusted person who can verify your identity and help you regain access to your account.
Nor is Advanced Data Protection a one-way street. If you ever decide the risk of forgetting your password is too great, you can always turn it off and fall back to iCloud’s standard data protection.
Several types of iCloud data remain under the standard iCloud protection even after you turn on Advanced Data Protection. For iCloud Mail, Contacts, and Calendars, the need to interoperate with external email, contacts, and calendar systems requires that Apple manage the encryption keys. Similarly, the collaboration capabilities of Pages, Numbers, and Keynote and the Shared Albums feature of Photos don’t support Advanced Data Protection. Also, although Advanced Data Protection can protect shared notes, reminders, and iCloud Drive folders, plus iCloud Shared Photo Library, that’s true only if everyone involved in sharing has Advanced Data Protection turned on. If not, the shared content falls back to standard iCloud protection.
There are also two notable downsides to turning on Advanced Data Protection:
- System requirements: All devices signed in with your Apple ID must be updated to at least iOS 16.2, iPadOS 16.2, macOS 13.1, tvOS 16.2, watchOS 9.2 HomePod 16.2, or the latest version of iCloud for Windows (yes, even HomePod and Apple TV so that they are able to access your personal data such as Photos and Reminders). As a result, you’ll have to remove your iCloud account from any device too old to upgrade to the necessary operating system version. That may be a deal-breaker for some people, but in time everyone will meet this requirement. You must also have two-factor authentication enabled for your Apple ID and a password or passcode set on your devices, but everyone should be doing that regardless.
- iCloud.com Web access: Turning on Advanced Data Protection automatically disables Web access to data at iCloud.com. You can re-enable Web access, but every subsequent visit to iCloud.com requires authorization from a trusted device, and the connection only lasts for an hour. If you make heavy use of iCloud.com, Advanced Data Protection may be burdensome.
So, should you use Advanced Data Protection? As long as all your devices support it, you’re not perturbed about the repeated iCloud.com authorizations, and you’re capable of maintaining both account recovery methods, go ahead. Although the benefit to most people isn’t huge—Apple’s security is excellent, and most people won’t be targeted by law enforcement—the downside is minimal as long as you understand the risk of Apple not being able to recover your account.
So in short the benefit is an exceptional level of security for your iCloud data. However, the major drawback is that if you ever forget your iCloud password or device code and lose your recovery key you can lose access to your iCloud data. Apple does not have an override into your account because that would defeat the purpose.
To enable the feature, navigate to Settings > Your Name > iCloud > Advanced Data Protection, tap Turn On Advanced Data Protection, and follow the prompts. Remember that you’ll need to set up the Account Recovery options before turning on Advanced Data Protection, and you may need to remove older devices from your iCloud account. I recommend printing the recovery code and keeping it with your birth certificate. And I recommend adding at least two individuals, one of whom should not live with you in case of a fire or other disaster that damages all of your devices.
(Featured image by iStock.com/TU I
If you are an existing customer who needs help with this or if you have other questions, or if you are in San Francisco and interested in becoming a client I invite you to book an appointment with me. Otherwise, you may wish to contact Apple Support or find a local Apple consultant.
For more tips like this delivered directly to your inbox sign up for my email list: