iCloud Data Can Now Be Encrypted, but Expect New Risks to Security

Be careful you don’t lose everything

By
Charlie Sorrel
Charlie Sorrel
Charlie Sorrel
Senior Tech Reporter
    Charlie Sorrel has been writing about technology, and its effects on society and the planet, for 13 years.
    lifewire's editorial guidelines
    Published on December 12, 2022 01:56PM EST
    Fact checked by
    Jerri Ledford
    Jerri Ledford
    Fact checked by Jerri Ledford
    • Western Kentucky University
    • Gulf Coast Community College
    Jerri L. Ledford has been writing, editing, and fact-checking tech stories since 1994. Her work has appeared in Computerworld, PC Magazine, Information Today, and many others.
    lifewire's fact checking process
    Internet & Security
    • Advanced Data Protection for iCloud encrypts almost all your iCloud data.
    • Apple will have no access to your photos or iCloud backups.
    • Nor will it be able to recover your account if you lose your password.
    Encryption, Privacy, Protection, and Security buttons on a keyboard

    Peter Dazeley / Getty Images

    Apple will finally encrypt almost all your iCloud data, including backups, which were a backdoor into iMessages and more. This is a massive step forward for privacy and security, and the FBI isn't a fan of the decision. 

    In the latest versions of macOS and iOS, Apple has enabled encryption for almost everything in iCloud. Previously, while highly sensitive data like your password keychain and your health data was end-to-end encrypted, other things like your Photos and iCloud backups could be accessed by Apple. That gap has now been closed, but you might not want to jump in quite yet. 

    "Similar to Lockdown Mode, the new Advanced Data Protection comes with trade-offs. Whether those trade-offs are worth it is a choice I'm glad Apple lets us make," Martin Algesten, CTO of customer research company Lookback, told Lifewire via direct message.

    Secure Cloud

    Apple's Advanced Data Protection for iCloud is off by default but is a huge boon to anyone who values their privacy, aka everyone. It's available now for beta users in the US, will roll out to everyone in the US with the release of iOS 16.2 and macOS 13.1, and will come to the rest of the world in 2023. 

    Apple is famously hot on privacy and currently encrypts all kinds of data. iMessages are end-to-end encrypted (that is, they can only be read by participants in the conversation), as are the entire contents of your iPhone, iPad, or Mac. But crucially, your iCloud backups are not encrypted. Or rather, they're "encrypted at rest," but Apple has the keys to unlock them. 

    This sounds worse than it is. Cloud-accessible services need to be able to decrypt your data so they can show it to you in the browser. Which brings us to the first downside of enabling Advanced Data Protection for iCloud: You no longer get access to your photos or your iCloud Drive in the browser. At least, not like you do now.

    Apple's Advanced Data Protection feature on iPhone

    Apple

    One side effect of this is that Apple can be compelled, or tricked, into giving access to those backups. And because your backups include your iMessage history, it gives law enforcement a back door into your messages. 

    "[Your] data is unreadable to anyone other than the user. Fears of eavesdropping, theft and government overreach disappear," writes long-time Mac expert and writer Adam Engst on his TidBits blog. "However, the user then has the ultimate responsibility to remember and protect that key, and if something goes wrong, there is absolutely no recourse—without the key, the data is effectively gone."

    This change adds end-to-end encryption to nine new categories of data, including Photos, Notes, Reminders, Voice Memos, and more. 

    But before you switch it on, it's worth considering the benefits and the consequences. 

    Locked Out

    Understandably, the FBI is not happy. It, and other law enforcement agencies, are accustomed to relatively free access to the private data of all law-abiding citizens on the pretext of claiming it needs access to the data of a few suspected criminals. Now, even if Apple wanted to unlock your iCloud data, it couldn’t. In physical terms, it’s like you locked your data in an unbreakable safe, and Apple is simply storing it for you. 

    This also means hackers cannot call up, pretending to be you, and talk an Apple support person into handing them access to your account. At the same time, if you do lose all access to your account, then you’re out of luck. Apple just cannot unlock that data.

    Similar to Lockdown Mode, the new Advanced Data Protection comes with trade-offs.

    This is the first consideration you need to make. Locking access to your iCloud data is a great feature, but is it worth the tradeoff? You will, for example, still be able to access your iCloud Drive via the browser but only on a device that is logged into your account, in which case you don’t need browser access.

    Also, consider that all your iMessage conversations are already duplicated on the devices of the people you sent them to. If their accounts are not similarly locked down, then those messages are all still available. And if you store your photos in iCloud Photo Library, then lose access to your Mac, iPhone, and so on, and also lose your iCloud password, you lose all your photos. 

    This is why Advanced Data Protection for iCloud is off by default. And if you do decide to turn it on, Apple forces you to use an alternative recovery method. You’ll be prompted to either give a trusted person access to recover your account or to generate and write down a 28-character Recovery Key. You should then put that piece of paper in a safe.

    Even if you lose the paper, all is not lost. As long as you have access to one of your devices, you can generate a new one anytime. 

    The security benefits of Advanced Data Protection for iCloud are significant, but so are the risks. As always, it’s a tradeoff, but at least now we have the choice.

    Was this page helpful?