Advanced Data Protection will complicate new device setup this Christmas

Users who have already enabled Advanced Data Protection will have a more complicated device setup process than normal this holiday season, especially for new HomePod and Apple Watch owners. Here's why.

Advanced Data Protection launched with iOS 16.2


End-to-end encryption across iCloud backups, photos, iMessage, and several more categories is an obvious benefit of Advanced Data Protection. This increased level of privacy and security will drive tech-savvy users to enable the feature ASAP, but it does come with some inconveniences.

Apple says that products must be running the latest operating system updates in order to be signed into an Apple ID with Advanced Data Protection. Otherwise, these products could potentially mishandle the new service keys generated by the feature.

Apple's support document specifies the issue below.
Devices where the user is signed in with their Apple ID must be updated to iOS 16.2, iPadOS 16.2, macOS 13.1, tvOS 16.2, watchOS 9.2, and the latest version of iCloud for Windows. This requirement prevents a previous version of iOS, iPadOS, macOS, tvOS, or watchOS from mishandling the newly-created service keys by re-uploading them to the available-after-authentication HSMs in a misguided attempt to repair the account state.
That means any new iPhone, iPad, Mac, Apple TV, Apple Watch, or HomePod must be up to date before being added to an Apple ID. That's not a direct issue for products that can be updated without an Apple ID, but it will create some complications for setup.
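
As an added example (not part of the original article or Apple's documentation), the following Python script checks a list of signed-in devices against the minimum versions quoted above and reports which ones would have to be updated or signed out before enabling Advanced Data Protection. The inventory, device names and function names are constructed for illustration; platforms the quoted text gives no minimum for, such as HomePod, are reported as unknown.

```python
# Added example: minimum OS versions are the ones quoted from Apple's support
# document above; the inventory below is constructed sample data.
MIN_VERSION = {
    "iOS": (16, 2),
    "iPadOS": (16, 2),
    "macOS": (13, 1),
    "tvOS": (16, 2),
    "watchOS": (9, 2),
}

def parse_version(text):
    """Turn '16.1.2' into (16, 1, 2); raise ValueError on malformed input."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(p) for p in parts)

def meets_minimum(version, minimum):
    """Compare after zero-padding so 16.2 == 16.2.0 and 9.10 > 9.2."""
    width = max(len(version), len(minimum))
    pad = lambda v: v + (0,) * (width - len(v))
    return pad(version) >= pad(minimum)

def classify(inventory):
    """Split signed-in devices into ready / blocking / unknown lists."""
    result = {"ready": [], "blocking": [], "unknown": []}
    for name, platform, version in inventory:
        minimum = MIN_VERSION.get(platform)
        try:
            parsed = parse_version(version)
        except ValueError:
            minimum = None                   # unparseable version: cannot verify
        if minimum is None:
            result["unknown"].append(name)   # no minimum known for this platform
        elif meets_minimum(parsed, minimum):
            result["ready"].append(name)
        else:
            result["blocking"].append(name)  # update or sign out before enabling
    return result

# Constructed sample inventory: (device name, platform, installed OS version).
# "9.10" is a made-up version used to exercise numeric (not string) comparison.
SAMPLE = [
    ("iPhone 14 Pro", "iOS", "16.2"),
    ("iPad (new in box)", "iPadOS", "16.1.1"),
    ("iMac 2017", "macOS", "12.6.2"),
    ("Apple Watch", "watchOS", "9.10"),
    ("HomePod", "HomePod software", "16.1"),
]

if __name__ == "__main__":
    for status, names in classify(SAMPLE).items():
        print(f"{status}: {', '.join(names) or '-'}")
```
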

Setting up new products while using Advanced Data Protection

An iPhone, iPad, Mac, and Apple TV can be set up without an Apple ID attached. So, users with Advanced Data Protection enabled can turn on the new product, select an option that says something like "Sign into an Apple ID later," and then get the device up to date in Settings.

Products that can't be interacted with unless they are attached to an Apple ID create a different problem. The Apple Watch and HomePod both need to be attached to an account before they can be configured and updated, so users must handle setup a different way.

The simplest option is to turn off Advanced Data Protection, set up the new device, get it updated, then turn Advanced Data Protection back on. This method can also be used for setting up new iPhones, iPads, etc. if the user wants to avoid the awkward setup procedure mentioned earlier.

Another option would be setting up the products on an Apple ID that doesn't have Advanced Data Protection enabled. Perhaps that would mean setting up a "dummy" account just for this purpose or using a spouse's account to get the product set up. However, that may be complicated as a HomePod can only be set up by the Apple Home Organizer, so keep that in mind.

We recommend turning off Advanced Data Protection for the brief time it takes to set up new products. However, turning off the feature then adding a new product introduces another small complication.

New products can't toggle Advanced Data Protection right away


To prevent a malicious actor from enabling Advanced Data Protection after hacking a user's account from a new device, Apple has applied a limit to the feature. New products won't be able to turn on Advanced Data Protection for a month or so after being added. However, that doesn't prevent other devices from turning it on.

For example, a user with a new iPad would turn off Advanced Data Protection on their iPhone, set up the new iPad, update the new iPad, then turn on Advanced Data Protection from their iPhone. If they attempt to enable the feature from the iPad, they would be stopped by an alert.

This complexity of setting up new products will only be a temporary issue. Eventually, all products purchased new will have updates beyond iOS 16.2, macOS Ventura 13.1, etc. already installed, which will enable new device setup with Advanced Data Protection enabled.


Comments

  • Reply 1 of 16
    SHK Posts: 25 member
    Yeah, I'm thinking this is not worth the trouble.
  • Reply 2 of 16
    gatorguy Posts: 24,213 member
    I expect a flood of problems from new iPhone users next month. IMO they should be strongly advised not to use Advanced Data Protection.  Even for the rest of us I believe overall it will be more of a problem with little to no real benefit if we engage it. An exception would be journalists, activists, high-profile individuals (public figures) and certain business people. For us more common folk it would be creating a headache. But a number of us will do it anyway.

    Your phone, your choice.
    edited December 2022
  • Reply 3 of 16
    Thank you for this heads-up article; it will make my “tech life” a lot simpler this week.
  • Reply 4 of 16
    dewme Posts: 5,374 member
    I have not turned ADP on because I have a mix of devices, some with older versions of iOS, macOS, and iPadOS. I’m not sure how ADP handles backward compatibility so I’m not going to do anything that’ll cripple my older devices. 

    For now I’ll just add another layer of tinfoil and wait for a very clear and unambiguous article that describes all of the potentially breaking changes that turning ADP on causes to all devices- old and new. This is something that I cannot afford to be wrong about. 

    Ok ... looked it up on Apple Support: https://support.apple.com/en-us/HT212520

    That makes it easy. Unless all of your Apple devices that use the same Apple ID for iCloud are compatible with ADP, you can't use it. Anywhere. It also kills web access to iCloud data. Of course this makes sense from a security perspective, but it excludes a heck of a lot of existing Apple customers from being able to use ADP at all. I guess I'll check back in a few years after all of my older and unsupported devices buy the farm and go on to the big recycling center in the sky. 
    edited December 2022
  • Reply 5 of 16
    I have ADP turned off cause I have several devices that are older. 
  • Reply 6 of 16
    dewme said:
    I have not turned ADP on because I have a mix of devices, some with older versions of iOS, macOS, and iPadOS. I’m not sure how ADP handles backward compatibility so I’m not going to do anything that’ll cripple my older devices. 

    For now I’ll just add another layer of tinfoil and wait for a very clear and unambiguous article that describes all of the potentially breaking changes that turning ADP on causes to all devices- old and new. This is something that I cannot afford to be wrong about. 
    Those old devices will eventually have to be removed from accessing iCloud altogether. I have new devices but I am also still holding on to a Sierra iMac which is still going strong and I can do a few things there that got broken since High Sierra. But I discovered last week that Safari passwords, where the keychain is located on Sierra, don’t update to the cloud anymore. So the password count doesn’t match. If you add a password on Sierra you won’t see it on newer devices. Same thing happened to the Books app. I still use it but now it is retired from iCloud. 
  • Reply 7 of 16
    lkrupp Posts: 10,557 member
    Top questions asked in the Apple Discussion Forums:

    1. I forgot my Apple ID password

    2. I forgot my Apple ID

    3. I forgot my iPhone passcode

    4. How do I turn off 2FA

    5. I forgot my Firmware password

    Now add "I forgot my ADP password" to the list and watch the reaction when told there is no reset, no workaround, no bypass, Apple can’t help you, and your data is lost forever with no possibility of ever getting it back.

    The average user does not need ADP, should not activate ADP, and will eventually rue the day they did.
    edited December 2022
  • Reply 8 of 16
    Just add an update section after you connect to wifi in the setup menu. Many devices do this
  • Reply 9 of 16
    One iMac in the house can’t move to Ventura and so it can’t benefit from end-to-end encryption, unless we remove it from iCloud. All the other 9 devices are fully updated.
    This is quite disappointing. In the end this is just a software matter and Apple could quite easily have offered this as part of a software update for the previous version of macOS. You don’t need a Ventura equipped device for that at all.
  • Reply 10 of 16
    I just enabled ADP on my iPad Pro M1, was told I have to wait a month before enabling for my iPhone 14 pro max and I still have not looked at my MacBook Pro 2016 which cannot run the latest Ventura system. 

    So some of the comments above are not true. I hope that my MacBook Pro does not have to be taken off the iCloud. I am going to call Apple to get the dope from the horse’s mouth so to speak. 
    edited December 2022
  • Reply 11 of 16
    dewme said:
    I have not turned ADP on because I have a mix of devices, some with older versions of iOS, macOS, and iPadOS. I’m not sure how ADP handles backward compatibility so I’m not going to do anything that’ll cripple my older devices. 

    For now I’ll just add another layer of tinfoil and wait for a very clear and unambiguous article that describes all of the potentially breaking changes that turning ADP on causes to all devices- old and new. This is something that I cannot afford to be wrong about. 

    Ok ... looked it up on Apple Support: https://support.apple.com/en-us/HT212520

    That makes it easy. Unless all of your Apple devices that use the same Apple ID for iCloud are compatible with ADP, you can't use it. Anywhere. It also kills web access to iCloud data. Of course this makes sense from a security perspective, but it excludes a heck of a lot of existing Apple customers from being able to use ADP at all. I guess I'll check back in a few years after all of my older and unsupported devices buy the farm and go on to the big recycling center in the sky. 
    Not quite accurate - it disables iCloud web access, but it doesn’t kill it. You can re-enable it from a trusted ADP device, via a push notification. Then it is disabled again after an hour. So, good if you need to sign in from a trusted browser somewhere to grab something. 

    https://support.apple.com/en-us/HT212523
    edited December 2022
  • Reply 12 of 16
    dewme said:
    I have not turned ADP on because I have a mix of devices, some with older versions of iOS, macOS, and iPadOS. I’m not sure how ADP handles backward compatibility so I’m not going to do anything that’ll cripple my older devices. 
    Yeah, I suspect most of us are in that position... for now.

    SHK said:
    Yeah, I'm thinking this is not worth the trouble.
    It's opt-in and not on by default.  That should eliminate the masses that don't know what they're doing.  This is a great feature and I'm glad Apple finally made this move.

    gatorguy said:
    I expect a flood of problems from new iPhone users next month. IMO they should be strongly advised not to use Advanced Data Protection.  Even for the rest of us I believe overall it will be more of a problem with little to no real benefit if we engage it. An exception would be journalists, activists, high-profile individuals (public figures) and certain business people. For us more common folk it would be creating a headache. But a number of us will do it anyway.

    Your phone, your choice.
    Support becomes easy... "Hi Apple, I forgot my password.".  "Apple: Do you have ADP turned on?", "Customer: Yes".  "Apple: Sorry, wish I could help".

    It's probably not for the average person that doesn't care about their data so much.  For those that do, this is a great thing. 
  • Reply 13 of 16
    dewme Posts: 5,374 member
    dewme said:
    I have not turned ADP on because I have a mix of devices, some with older versions of iOS, macOS, and iPadOS. I’m not sure how ADP handles backward compatibility so I’m not going to do anything that’ll cripple my older devices. 

    For now I’ll just add another layer of tinfoil and wait for a very clear and unambiguous article that describes all of the potentially breaking changes that turning ADP on causes to all devices- old and new. This is something that I cannot afford to be wrong about. 

    Ok ... looked it up on Apple Support: https://support.apple.com/en-us/HT212520

    That makes it easy. Unless all of your Apple devices that use the same Apple ID for iCloud are compatible with ADP, you can't use it. Anywhere. It also kills web access to iCloud data. Of course this makes sense from a security perspective, but it excludes a heck of a lot of existing Apple customers from being able to use ADP at all. I guess I'll check back in a few years after all of my older and unsupported devices buy the farm and go on to the big recycling center in the sky. 
    Not quite accurate - it disables iCloud web access, but it doesn’t kill it. You can re-enable it from a trusted ADP device, via a push notification. Then it is disabled again after an hour. So, good if you need to sign in from a trusted browser somewhere to grab something. 

    https://support.apple.com/en-us/HT212523

    Thanks for the clarification!
  • Reply 14 of 16
    danox Posts: 2,872 member
    Thank you Apple, now get out of content creation.
  • Reply 15 of 16
    ... if accurate is this the best news from Apple in a while for privacy ... ?
    Is Apple abandoning having a key for such accounts ...?
    How does Siri 'learn from this app' and CoreML factor in ?
    It would be even better if it could be supported asap at a broader (aka 3 versions) of the various operating environments...
    Of note mail (email) appears excluded...
    : o
  • Reply 16 of 16
    icoco3 Posts: 1,474 member
    The technical way would be to attach to a computer in recovery mode and update to the latest OS then configure the device.