In December 2022, Apple announced a raft of new user data protection features. The most important was the expanded list of end-to-end encrypted data uploaded to iCloud. In most cases, only the owner of a key has access to it, and even Apple itself won’t be able to read this information. There was also an unofficial announcement: the company mentioned it was dropping its controversial plans for a technology to scan smartphones and tablets for child pornography.
Encryption of iCloud backups
Let’s start with the innovation of most interest. Owners of iPhones, iPads and macOS computers (not all, but more about that below) can now encrypt backup copies of their devices uploaded to iCloud. We’ll try to explain this rather complicated innovation as simply as possible, but there’ll still be plenty of detail as it is really quite important.
All Apple mobile devices upload backups of themselves to iCloud by default. This extremely useful feature helps restore all data to a new device as it was on the old one at the time of the last backup. In some cases, such as if your smartphone is lost or broken, it’s the only way to access family photos or work notes. You’ll likely have to pay extra for this feature: Apple provides a mere 5 GB of cloud storage for free, which fills up fast. You either have to buy extra gigabytes or choose what data to back up: for example, you might exclude music, video, and other heavy files.
Apple has always encrypted backups on its servers, but in such a way that both the company and the user had the decryption key — so backups were only protected from hacks against the company’s servers themselves. The December update of Apple operating systems introduced a new end-to-end encryption feature whereby data remains encrypted all the way from sender to recipient.
This kind of encryption is of most relevance to communication tools — especially messengers. Its presence shows that the developer cares about data confidentiality; for example, Apple’s own messaging service, iMessage, has long used end-to-end encryption. The convenience of end-to-end encryption depends on its implementation. For instance, in Telegram most chats are unencrypted and accessible on all devices connected to the account, but you can create a separate “secret” chat with another user; this exists only on the device on which you initiated the encrypted chat, and its content is visible only to you and your chat partner, no one else.
But back to backups. By default, Apple backups save all information on your device, including iMessage correspondence. What’s of note here is that, although iMessage communication is encrypted end-to-end, if an attacker somehow manages to get a backup copy of your phone, they’ll be able to read your message history. Plus, they’ll have access to a huge amount of other data: photos, documents, notes, and so on. It is this potential security hole that Apple has fixed.
With end-to-end encryption of backups, you’re the only sender and recipient of data, and only you have access to the key to decrypt it. If the algorithm is implemented correctly, Apple won’t be able to decrypt your data even if it wants to. Someone who gets hold of your Apple ID without knowing the encryption key won’t be able to steal your data either.
The new setting is called Advanced Data Protection, and it looks as follows:
It’s important to note that, once the feature is enabled, you and only you are responsible for access to your data: if you lose the encryption key, even Apple support would be powerless to help. That’s why the new privacy setting will be voluntary: if you decide not to activate it, your backups will still be available to Apple and could be stolen by intruders if, say, your Apple ID is hacked.
Incidentally, Advanced Data Protection cannot be activated on a device recently added to your Apple ID. After all, if someone gets hold of your Apple ID and activates end-to-end encryption on their smartphone, you’ll lose access to your data. Even if you manage to restore access to your account, you won’t have the encryption key! Therefore, if you just bought a new Apple device, you can only enable Advanced Data Protection from the previous one.
End-to-end encryption of other data
Apple’s new feature is not limited to just smartphone, tablet, and laptop backups. Photos and notes will also be encrypted. It’s possible that this list will grow, but for now Apple is talking about strong protection for 23 categories of data, without specifying which. Previously, end-to-end encryption was used for 14 categories, including iMessage chats, Keychain passwords, and all health-related data, such as readings from Apple Watch sensors.
But we do know what end-to-end encryption definitely won’t be used for: iCloud mail, calendars, and contacts. According to Apple, this is to ensure compatibility with other developers’ systems.
Hardware security keys for Apple ID authentication
Even with end-to-end encryption implemented, access to many types of data on your iPhone, iPad or Mac is through your Apple ID account. If an attacker manages to gain access to it, they’ll be able to restore your backup on their device (which is what Advanced Data Protection prevents) and track your location using Find My.
A common way to steal your Apple ID credentials is phishing. Having stolen your iPhone, the thieves can’t just resell it, except perhaps for parts. They must enter your Apple ID to unlink the phone from it, after which a new owner can register it. And when you’re desperately trying to find your phone (for example, using Find My iPhone), you’re very easily duped: strange text messages seemingly from Apple arrive at the contact number you specified, with a link to sign in with your Apple ID. Instead of Apple’s website, you go to a plausible imitation and enter your credentials, which fall straight into the cybercriminals’ hands. Alas, sometimes even two-factor authentication (which requires an additional code) doesn’t help. The phishing page may consider this protection method and ask you for a one-time verification code.
A hardware security key (a separate device like a flash drive) greatly reduces the likelihood of falling for phishing. In this case, for Apple ID authentication, you either put the NFC key near the device, or insert it into the Lightning or USB-C connector. All data is exchanged in encrypted form only with Apple’s servers. It’s almost impossible for a fake phishing site to successfully imitate this kind of authentication.
Additional protection for iMessage
Another minor innovation concerns Apple’s native messenger. After the update, it will warn you if a third party can see messages between you and another user. The details aren’t yet known, but the feature is expected to counter the most sophisticated attacks, such as man-in-the-middle ones. If that happens, you’ll get a warning about possible eavesdropping right in the chat. What’s more, iMessage Contact Key Verification users will be able to compare the verification code either (i) when actually meeting the person with whom you’re messaging, (ii) on FaceTime, or (iii) in another messenger app.
iMessage Contact Key Verification will be useful to potential victims of sophisticated and expensive cyberattacks: journalists, politicians, celebrities, etc. Ordinary users are more likely to be inconvenienced by it, like the previously unveiled Lockdown Mode. In any case, it will be available to everyone.
When will the new features be available?
The most useful feature — Advanced Data Protection — already went live on December 13, 2022. To use it, you need to update all devices linked to your Apple ID account; the minimum operating system requirements are:
- iPhone — iOS 16.2 or later
- iPad — iPadOS 16.2 or later
- Mac — macOS 13.1 or later
- Apple Watch — watchOS 9.2 or later
- Apple TV — tvOS 16.2 or later
- HomePod speakers — version 16.0 or later
- Windows computers with iCloud for Windows — version 14.1 or later
If just one device doesn’t support the right version (for example: iPhone 7 and earlier; 4th-generation and lower iPads), you won’t be able to enable Advanced Data Protection until you unlink it from your account. Incidentally, the current version of macOS — Ventura — supports most devices released since 2017.
Apple hasn’t named the launch dates for the other features, stating only that they’ll be coming some time this year.
Scanning devices for child pornography scrapped
Lastly, another important change was more… whispered than announced: an Apple spokesperson only mentioned briefly in an interview that the company no longer plans to implement CSAM Detection, which we’ve already written about. Recall that, in August 2022, Apple announced a technology for detecting child pornography on devices. The more correct legal term, which Apple used, is Child Sexual Abuse Material (CSAM). The idea was that all Apple devices would carry out background scanning of images, and if any matched the database of child pornography images, the company would be notified and tip off the law enforcement agencies.
Although Apple insisted that CSAM Detection would not violate the privacy of ordinary users with nothing illegal on their devices, the initiative was still criticized. Apple’s promises of “minimal likelihood of false positives” didn’t help: in any case, the feature turned out to be extremely non-transparent and, a first, implemented directly on the device — not in the cloud system that Apple itself manages, but on the phone or tablet. Apple critics, such as the US non-profit Electronic Frontier Foundation, rightly pointed out that the noble goal of preventing the spread of child pornography could easily morph into scanning devices for any content.
Advances in data privacy
Apple’s introduction of end-to-end encryption for the most sensitive user data and scrapping of controversial scanning technology show that the company really does care about user privacy. And enabling Advanced Data Protection will greatly reduce the chances of data theft from an iCloud hack. Moreover, Apple won’t be able to hand over your data at the request of law enforcement. At present, the company can do this in respect of all accounts where any information is uploaded to the cloud.
In addition, we mustn’t forget that, for any security measure, sooner or later a hacking technique will be found. Even in end-to-end encryption technology vulnerabilities can crop up, and Apple innovations always get put to the most stringent test by both conscientious security researchers and cybercriminals. But it’s important to remember that no amount of encryption will help if someone gains access to your unlocked Apple device.
And while Apple’s innovations are certainly useful, they will cause the user some inconvenience. If you lose the decryption key, your data is lost forever. And if you lose your only Apple device, you may have problems restoring your data to a new one. So, we recommend taking a timeout to fully consider the new features and whether they’re right for you.