Apple to bring end-to-end encryption for iCloud Backups with Advanced Data Protection
Apple has announced its plans to support end-to-end encryption for iCloud Backups. A couple of new security features are coming to users next year.
Apple adds end-to-end encryption for iCloud Backups
You're probably thinking, "Wait! They didn't have encryption for iCloud backups before this?" That's a perfectly logical reaction, and the answer is yes, and no. Apple does encrypt iCloud backups, but these are not completely end-to-end encrypted (only some data are). What does that mean? It means that the Cupertino company has the decryption key required to access part of your data on the cloud.
This can be dangerous, especially when law enforcement is involved. Let's say the police, or some government agency like the FBI, manage to get a court order against a user. They could force Apple to hand over the decryption key to access that user's data, and the tech giant would have no other option but to comply with the law.
That changes now. With end-to-end encryption for iCloud backups, your data will not only be encrypted before it leaves your device, but only you will have access to the encryption key. More power to the user, yay!
End-to-end encryption isn't something new to Apple; it has implemented the security feature in iMessage and FaceTime since they were launched. It says that it also uses E2E to protect 14 sensitive data categories, such as passwords in iCloud Keychain and Health data.
Advanced Data Protection for iCloud
Apple is calling its new security measure for iCloud Advanced Data Protection. Per the announcement, it will be an opt-in feature, so the user will have to enable a setting and choose what they want to protect.
The new implementation will allow users to secure a total of 23 data categories including iCloud Backup (Device Backup + Messages Backup), iCloud Drive, Photos, Notes, Reminders, Safari, Bookmarks, Siri Shortcuts, Voice Memos, Wallet Passes, Passwords and Keychain, Health data, Home Data, Messages in iCloud, Payment information, Apple Card Transactions, Maps, QuickType Keyboard learned vocabulary, Safari, Screen Time, Siri information, Wi-Fi passwords, W1 and H1 Bluetooth keys, and Memoji.
The company says that iCloud Mail, Contacts, and Calendar will not be end-to-end encrypted because these data are used for global email, contacts, and calendar systems. This makes sense, since users may have to use third-party email clients and other apps for office work, school, etc. Encrypting such data would prevent users from accessing them through other means.
Advanced Data Protection for iCloud is already available for users in the U.S., provided that they have opted into the Apple Beta Software Program. It will be available for all users in the U.S. by the end of the year, and will roll out globally in early 2023. The feature will debut with iOS 16.2, iPadOS 16.2 and macOS 13.1 for iPhones, iPads and Mac computers.
Note: If you enable Advanced Data Protection, your data will only be accessible on your account, since only you have access to the encryption key. Apple cannot help you recover the data if you forget the password. You will have to use your device passcode or password, a recovery contact, or a personal recovery key.
Apple has outlined the differences between Standard Data Protection and Advanced Data Protection on a support page. It states that some metadata and usage information that is stored in iCloud will remain on Apple's servers even if Advanced Data Protection is enabled by the user. This includes dates and times when you created or modified a file, type of file, file size, checksums of files, photos, videos, etc. This metadata is encrypted, but the keys are stored on Apple's servers. That's not great, but the company is working on a way to support end-to-end encryption for such metadata for users who have enabled Advanced Data Protection.
iMessage Contact Keys
Apple has introduced another new security feature called iMessage Contact Key Verification. This will help users to verify that their contact is the person they intended to talk to, and not some impersonator or spy. The company says that it will help protect journalists, activists, government officials, etc., who may be targeted by sophisticated cyberattacks. Lockdown Mode in macOS 13, iPadOS 16 and iOS 16 was designed to protect users from such threats.
iMessage users will be able to compare a Contact Verification Code in person, on FaceTime, or through a secure call. When a user has enabled iMessage Contact Key Verification, they will receive automatic alerts if a hacker manages to breach the cloud servers and adds their own device to spy on the conversation.
Apple will start supporting iMessage Contact Key Verification worldwide in 2023.
Security Keys for Apple ID
Users will soon be able to use physical security keys as a form of two-factor authentication to sign in to their Apple ID securely. The feature will support FIDO-compliant hardware security keys that can be plugged into the device, as well as NFC keys.
Security Keys for Apple ID will be available globally in early 2023.
Images courtesy: Apple
I'm not a fan of Apple's recent shenanigans related to ads on the App Store, but these security improvements are a step in the right direction.
What do you think about these new security measures?
This will also block FBI, NSA… request for iCloud data as only the users will have the encryption keys.
Apple has the keys anyways. They are dirty as any other big tech.
The strangest thing is that Apple charges ridiculous prices for their products, which are still anno 2022 and 2023 made by Chinese child slaves, and then has not yet implemented full encryption, until now.
With other brands such as e.g., Samsung at the Apple gates, Apple is now trying to get buyers that Apple is increasingly comparing with other brands, because there is no one left with the same persuasiveness that Steve Jobs sprinkles sand in the eyes of customers with, Apple knows how to sell their bling with no real value by price.
Time for Google, Microsoft, Dropbox etc to step up!