Apple's Advanced Data Protection feature is here - what you need to know

Posted:
in iOS
Apple has rolled out Advanced Data Protection, which means even more of your iCloud data can be end-to-end encrypted. Here's why you may want to toggle this feature on, and what it means for your privacy.

Advanced Data Protection
Advanced Data Protection


If you're reasing this, you probably know how end-to-end encryption works. For those of you who don't, here's a short analogy to help you understand why it's important.

Say you write a very personal letter to a friend and send it to them via the mail. There's nothing stopping someone from stealing the letter in transit to read what you wrote, aside from the very real threat of tampering with the mail.

Sure, an envelope prevents people from being able to see what you wrote at a glance. Like locks, envelopes primarily keep honest people honest.

Now, instead of just sending a letter to your friend, say you used a secret code only you and your friend know to obscure the information inside. That way, while in transit, the data is effectively useless to prying eyes.

Sure, someone could open your letter and look at it, but without knowing how to decode what was written, it's not terribly useful to the average ne'er do well.

While that is a very simple explanation, end-to-end encryption, or E2EE, works similarly. Apple encrypts plenty of your iCloud data already, like your text messages and health data.

What iCloud data Apple automatically encrypted

Apple already has a great deal of data that is encrypted by default.
  • Health data

  • iCloud Keychain

  • Wi-Fi and Cellular credentials

  • Home data

  • Payment information

  • Siri information

  • iMessage and FaceTime content
These are encrypted by default while "in motion" -- meaning across the internet -- as that is deemed critical for keeping you safe. Some of this data is end-to-end encrypted.





Most of it, minus payment data, is stored in iCloud backups which are stored encrypted -- but Apple has the key. So, some of it can be retrieved by Apple if they are served a subpoena.

But, there is now a way to hide your data from nearly everyone -- including Apple.

What data Advanced Data Protection encrypts

Apple's new Advanced Data Protection feature goes a step further and allows you to encrypt additional information in iCloud with a few new layers of security.

Data encrypted by enabling Advanced Data Protection

  • Device backups

  • Messages backups

  • iCloud Drive

  • Notes

  • Photos

  • Reminders

  • Safari Bookmarks

  • Voice Memos

  • Wallet passes
Apple notes that the only major iCloud data categories that aren't covered are Calendar, Contacts, and iCloud Mail, as these features need to interoperate with global systems.

Data responsibility
Data responsibility warning


As a reminder, this is an opt-in feature and not done automatically. This is an accountability issue -- if you lose access to your account and can't access it with a recovery method, your information is effectively locked away forever.

Why you should enable Advanced Data Protection

Encryption protects you from being targeted by all sorts of people who would want nothing more than to snoop through your data. That encryption of your data is crucial to keep yourself safe -- even if you think you don't have anything to hide.

Everyday, everybody discloses a lot of personal information about ourselves to others -- our phone numbers, our birthdays, our locations when we will and won't be home.

And, if you're like many people, you may have a Notes file with particularly sensitive information sitting around on your iPhone. Imagine how dangerous that could be if a third party could easily read that information.

We take pictures of our possessions, of our family members, of our homes -- things that you may not want a stranger to casually thumb through.

And it isn't just identity thieves who want your data, either. Plenty of data brokers would love to have unrestricted access to your most personal information to better build their digital profile of you.

Then, they can sell that data -- without cutting you in, of course -- to ad agencies who might deem you an easy mark for a quick sale.

Encryption may not fully stop them from being able to track you, but it certainly can prevent them from knowing plenty of things they shouldn't.

Keeping your data accessible

Of course, you're going to want to make sure that you can still access your data across all your devices associated with your Apple ID.

This means that it is critical that you keep everything updated. Your iPhone, iPad, Apple Watch, and Apple TV -- everything.

This also means that if you've got unsupported devices, they may lose access to anything encrypted in your iCloud account.

You'll also want to be prepared in the event that you lose access to your iCloud account. Apple will automatically prompt you to set up a recovery person or recovery phrase. So make sure you choose someone trustworthy, or something easy to remember.

Once you're ready to take the leap, here's how you can start making your account extra secure.

How to enable Advanced Data Protection

  1. On your iPhone, open Settings

  2. Tap Apple ID

  3. Tap iCloud

  4. Scroll down and toggle on Advanced Data Protection
You'll just need to follow the steps, logins, and requirements Apple requires to enable the feature.


Read on AppleInsider
«1

Comments

  • Reply 1 of 23
    Doesn’t work in Canada - says “not currently available in your region”. This is most likely US only and would be a good point to add to the article and any timelines on other country role out (if known)
    caladanianAnilu_777GrannySmith99watto_cobra
  • Reply 2 of 23
    SHKSHK Posts: 20member
    Already confused. I was told in the setup screen to "print out your key" but given NO option to actually print.
    caladanianpulseimageswatto_cobra
  • Reply 3 of 23
    MadbumMadbum Posts: 436member
    Epic Games won’t like Apple blocking them from accessing your  data!!
    edited December 2022 williamlondonAnilu_777watto_cobra
  • Reply 4 of 23
    The article says to pick a recovery phrase that’s easy to remember.  Apple generates the recovery code (not phrase) so you can’t pick your own.  It’s not something you can remember so you’ll need to write it down otherwise save it somewhere secure offline.  If someone gets the code and knows your Apple ID, they can reset your iCloud Apple ID password and effectively take over your account. 
    williamlondonAnilu_777pulseimages
  • Reply 5 of 23
    U.S. only :neutral: 
    elijahgappleinsideruserwatto_cobra
  • Reply 6 of 23
    The Recovery Phase or Generated Code should be kept in a Password Manager external to Apple such as Bitwarden, 1Password as an example. I wouldn't Print out the Key or Write it down unless you are planning on storing it in a Safe or Bank Lock Box. 

    Adding a Recovery Contact is recommended. 
    watto_cobra
  • Reply 7 of 23
    M68000M68000 Posts: 531member
    Speaking of security,  side question for anybody about the feature that lets iPhone get wiped after 10 incorrect passcodes.  Does anybody know what happens if the phone is turned off after a few bad codes,  or if the battery drains and phone goes off?   Does the counter reset and go back to 10 attempts or does it remember the few bad codes and continue the countdown?   Of course I could test this,  but easier if somebody knows.  
    edited December 2022 watto_cobra
  • Reply 8 of 23
    This article needs a "Why you shouldn't enable it" section. The comments above have given enough useful information to make a start on that.
    pulseimageswatto_cobra
  • Reply 9 of 23
    U.S. only :neutral: 
    ಠ_ಠ I’m sick of this
    edited December 2022 williamlondonwatto_cobra
  • Reply 10 of 23
    M68000 said:
    Speaking of security,  side question for anybody about the feature that lets iPhone get wiped after 10 incorrect passcodes.  Does anybody know what happens if the phone is turned off after a few bad codes,  or if the battery drains and phone goes off?   Does the counter reset and go back to 10 attempts or does it remember the few bad codes and continue the countdown?   Of course I could test this,  but easier if somebody knows.  
    On BlackBerry it kept counting regardless of whether it was turned off. I’d like to think it’s the same on iOS. 
    watto_cobra
  • Reply 11 of 23
    SHK said:
    Already confused. I was told in the setup screen to "print out your key" but given NO option to actually print.

    Um…

    step 1—screenshot the passcode and save the screenshot to photos. 

    Step 2—print the screenshot and put it wherever you keep your sensitive documents. 

    Go ahead and delete the photo. That will get you through the hard part. 

    appleinsideruserwatto_cobra
  • Reply 12 of 23
    When the pass phrase is generated, does iOS let you copy it?  That would make putting it into a password manager much less error prone.
    watto_cobra
  • Reply 13 of 23
    bluefire1bluefire1 Posts: 1,243member
    It worked fine. It asked for my recovery key which I inputted and had me update all of my Apple devices to 16.2., and then it turned on.
    edited December 2022 williamlondonwatto_cobra
  • Reply 14 of 23
    SHKSHK Posts: 20member
    Does this function eat up any processor resource(s) or otherwise cause a slow down?
    williamlondonlkruppwatto_cobra
  • Reply 15 of 23
    lkrupplkrupp Posts: 10,341member
    Biggest downside.. .forget your key and you’re done for. Not even Apple can pull your butt out of the fire this time. You lose it all... forever. Can’t wait for the wailing and gnashing of teeth on the Apple Discussion Forums from users who lose everything. The place is already packed with “I forgot my Apple ID password” laments. Do you really want to encrypt photos of your dog?
    watto_cobra
  • Reply 16 of 23
    AstroBoy said:
    Doesn’t work in Canada - says “not currently available in your region”. This is most likely US only and would be a good point to add to the article and any timelines on other country role out (if known)

    Not currently available in the UK either. Would have been nice to have known before attempting to activate it.
    watto_cobra
  • Reply 17 of 23
    Can you still access stuff at @icloud.com? If so, how is e2ee handled by the browser?
    watto_cobra
  • Reply 18 of 23
    Can you still access stuff at @icloud.com? If so, how is e2ee handled by the browser?
    Your browser (or any other app on iOS or macOS) would be able to get the data decrypted via APIs that use the Keychain to decrypt the data. You could even write your own apps using Apple's API that would decrypt any data stored in the iCloud. It's unlikely that your app would ever see the keys directly, although there are many types of keys with different security requirements. For example, you would have no problem getting the public verification key or the public encryption keys, which are keys designed to be shared with anyone.
    appleinsideruser
  • Reply 19 of 23
    Can you still access stuff at @icloud.com? If so, how is e2ee handled by the browser?
    Your browser (or any other app on iOS or macOS) would be able to get the data decrypted via APIs that use the Keychain to decrypt the data. You could even write your own apps using Apple's API that would decrypt any data stored in the iCloud. It's unlikely that your app would ever see the keys directly, although there are many types of keys with different security requirements. For example, you would have no problem getting the public verification key or the public encryption keys, which are keys designed to be shared with anyone.
    thanks. So my Apple ID remains sufficient to decrypt, even in the new e2ee world. I guess this is all written up somewhere, for a rainy day read…
  • Reply 20 of 23
    JapheyJaphey Posts: 1,463member
    For some reason it wouldn’t work for me. I just got a popup saying my device was recently added and that I should try again on Jan. 18. Has anyone else experienced this issue? Launch day was three months ago…Not exactly recent, imo. 
Sign In or Register to comment.