The updates are part of Apple’s years-long push to be known as the Big Tech company that cares and does more about its customers’ privacy than its competitors. And they come at a time when the need for this privacy is only that much more obvious. Apple products should no longer be assumed to be safe from hackers, and phishing scams — where you’re tricked into giving your account credentials to a hacker — are only getting more aggressive and convincing. At the same time, most people store a lot of personal and valuable information on cloud servers like iCloud, which only makes them that much more attractive of a target. The more options you have to help lock your data down, the better.The company announced the update , although the upgraded encryption won’t be available until the end of this year for US users and early next year for everyone else. When it does roll out, you’ll have to choose to enable it in your iCloud settings.
Even if you don’t know much about internet security, you’ve probably heard at least something about encryption by this point, as the general public has become more aware of and more services that offer it have popped up. With end-to-end encryption, the data you send to iCloud can’t be read by anyone else as it travels to or from the cloud, nor can Apple see it when it’s stored on their servers. That helps protect your data from hackers who breach Apple’s servers. It’s less clear if you’d be safe from the types of people who notoriously broke into hundreds of iCloud accounts, including Jennifer Lawrence’s, through its website in 2014, but two-factor authentication and Security Keys, another feature that was announced on Wednesday, are specifically designed to protect against such phishing attacks.
Apple’s new security feature will also prevent law enforcement from accessing the data you have in iCloud. That’s why the FBI isn’t happy about Apple’s privacy tools. Law enforcement generally doesn’t like encryption that doesn’t give them a way to easily obtain your data from the third party that’s hosting it, which is something they do a lot. Governments around the world have on tech companies not to do what Apple just did, and Reuters that Apple decided not to allow users to encrypt their iCloud backups after the FBI urged it not to (Apple has denied this).
There’s been plenty of friction between Apple and the Department of Justice for years over Apple’s refusal to create a back door into its devices for law enforcement. In 2016 and in 2020, the DOJ tried to force Apple to help it break into the phones of mass shooters it suspected of having terrorist ties. Both times, Apple refused, and the FBI was (eventually and at great expense) able to hack into the phones without Apple’s help. In the 2020 case, Apple gave the FBI all of the data it had from the shooter’s iCloud account, even as the FBI groused about not being able to access the physical device. Now, with Advanced Data Protection enabled, Apple won’t even be able to give the FBI most of that iCloud data, either.Needless to say, the agency is not a fan of Advanced Data Protection, that it’s “deeply concerned” with the “threat” posed by encryption, and that “the FBI and law enforcement partners need ‘lawful access by design.’” Apple already offered end-to-end encryption for some things in iCloud, including Health data, Apple Card transactions, Keychain passwords, and Safari. This update will add device and iMessage backups, iCloud Drive, Photos, and Notes to the list. The only things that won’t have an end-to-end encryption option are Mail, Contacts, Calendars, and certain types of metadata, which Apple says is due to technical constraints.
Unlike some of Apple’s privacy offerings that users had to pay extra for, these will be available to every Apple customer for free (if you don’t count the fact that Apple devices are generally more expensive than its competitors). That’s obviously good for Apple users who care about cybersecurity and privacy, but it may also be good for users who don’t know much about it or how best to secure their accounts. It may also be good for people who don’t even use Apple products because it’ll put that much more pressure on companies like Google to up its security game and offer these services to its customers, too.If you aren’t an Apple user or just don’t want to put all of your data eggs in Apple’s basket, there are plenty of services out there that offer end-to-end encryption. Instead of Apple’s keychain for your passwords, you can use one of . Messaging like Signal, WhatsApp, and Telegram’s secret chat feature end-to-end encryption for your messages. Proton’s Mail is end-to-end encrypted, as is its . So while Apple isn’t the only company expanding its encryption services, it’s surely the biggest. For a lot of people, it might be the easiest, too, since you’re not switching between various services to do various things: You can add another layer of security to your life with just a tap on your screen.
Update, December 8, 1:30 pm ET: This story has been updated with additional details about how Advanced Data Protection works and Security Keys’ protection against phishing attacks.