IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Apple steps up user security with end-to-end encryption for iCloud

Apple’s new data protection feature comes as users contend with an increasingly sophisticated threat landscape

Apple has announced it will begin allowing users to secure data backed up to their iCloud using end-to-end encryption.  

The feature, dubbed Advanced Data Protection for iCloud, will debut for users participating in the company’s beta software programme. The tech giant revealed the feature will be available for US-based users by the end of 2022 and will roll out globally early next year.  

At present, Apple offers end-to-end encryption for data already stored in its cloud platform, including passwords, credit card and payment details, and health-related data.  

The advanced feature will extend this protection, allowing users to back up other sensitive information such as photos, notes and iCloud backups.  

This change will not cover all data, however. The company has confirmed that contacts, calendar information and email info will not be encrypted.  

Craig Federighi, Apple’s senior vice president of software engineering said the new privacy features are a signal of Apple’s “unwavering” commitment to providing users with the “best data security in the world”.  

“We constantly identify and mitigate emerging threats to their personal data on device and in the cloud,” he said.  

“Our security teams work tirelessly to keep users’ data safe, and with iMessage Contact Key Verification, Security Keys, and Advanced Data Protection for iCloud, users will have three powerful new tools to further protect their most sensitive data and communications.” 

Initially, Apple users will be required to opt-in to the new feature and granted a specific encryption key which will be stored on their device.  

Ivan Krstic, Apple’s head of security engineering and architecture, revealed that a key benefit of the Advanced Data Protection feature is that it will ensure iCloud data will be protected in the event of a cloud breach.  

“Advanced Data Protection is Apple’s highest level of cloud data security, giving users the choice to protect the vast majority of their most sensitive iCloud data with end-to-end encryption so that it can only be decrypted on their trusted devices,” he said.  

However, Jamie Akhtar, CEO & co-founder of CyberSmart, warned that the proposed opt-in requirement could leave users unprotected and place responsibility for data protection in their hands.  

Related Resource

Getting board-level buy-in for security strategy

Why cyber security needs to be a board-level issue

Intercity 'Getting board-level buy-in for security strategy' whitepaper coverFree Download

"With increased cybersecurity awareness among the general public, cultivating digital trust is imperative to business survival. Apple has long been the exemplar of this, having time and again invested in its user security,” he said. 

“Unfortunately, the downside of Apple’s latest measures is the requirement for users to ‘opt-in’ which will likely leave many unprotected as the onus is on them to take action,” Akhtar added. 

Similarly, Tony Sabaj, mobile security expert at Check Point Software noted that the added layers of security - including encryption keys - could inhibit users.  

“This added layer of security is not without drawbacks as the end user is now responsible for storing, backing up and securing their own encryption keys,” he explained.  

“From our experience in mobile security, even though Apple is taking steps to improve privacy, malicious apps, text/iMessage phishing and zero day threats will be unaffected by these measures.” 

In a thread on Twitter, Matthew Green, professor of cryptography at Johns Hopkins University, said the encryption move “sets the standard on what secure consumer cloud backup looks like” and marks an important precedent for users globally. 

“Even as an opt-in feature, this move will have repercussions all over the industry as competitors chase them,” he said. 

Bolstering data security

The move by Apple forms part of a broader strategy focused on bolstering security, with the company adding that the releases come “as threats to user data become increasingly sophisticated and complex”. 

Research conducted by Apple found that the number of data breaches has more than tripled between 2013 and 2021. In addition, the study found that 1.1 billion personal records were exposed globally during 2021 alone.  

In 2023, the company plans to begin supporting the use of hardware keys to improve two-factor authentication. Similarly, toward the end of 2023, Apple also plans to launch a feature called ‘iMessage Contact Key Verification’.  

This new feature will enable users to confirm they are interacting with an intended contact. The verification scheme will also issue users with a warning if they are communicating with a contact or individual with “compromised” iMessage infrastructure.  

Melissa Bischoping, endpoint security research director at Tanium, welcomed the move as a positive step to ensure that users are safeguarded amidst escalating global security threats.  

“Apple has introduced these important security features to keep pace with the threat landscape and threats to privacy,” she said.  

“By leveraging these features, you can know that your data is encrypted; even if the company holding the data is breached, you have additional assurance that you will not be a secondary victim. I am hopeful that this trend continues, as these protections are essential for reducing the secondary victimisation of a services' users after a data breach.” 

Featured Resources

2023 Strategic roadmap for data security platform convergence

Capitalise on your data and share it securely using consolidated platforms

Free Download

The 3D trends report

Presenting one of the most exciting frontiers in visual culture

Free Download

The Total Economic Impact™ of IBM Cloud Pak® for Watson AIOps with Instana

Cost savings and business benefits

Free Download

Leverage automated APM to accelerate CI/CD and boost application performance

Constant change to meet fast-evolving application functionality

Free Download

Recommended

Apple issues patch for macOS security bypass vulnerability
Security

Apple issues patch for macOS security bypass vulnerability

20 Dec 2022
Apple issues fix for ‘actively exploited’ WebKit zero-day vulnerability
Security

Apple issues fix for ‘actively exploited’ WebKit zero-day vulnerability

14 Dec 2022
Apple and AMD will both be 'major customers' of TSMC's new Arizona fabs
Hardware

Apple and AMD will both be 'major customers' of TSMC's new Arizona fabs

7 Dec 2022
Android vs iOS: Which mobile OS is right for you?
Mobile

Android vs iOS: Which mobile OS is right for you?

30 Nov 2022

Most Popular

Yandex data breach reveals source code littered with racist language
data breaches

Yandex data breach reveals source code littered with racist language

30 Jan 2023
Dutch hacker steals data from virtually entire population of Austria
data breaches

Dutch hacker steals data from virtually entire population of Austria

26 Jan 2023
What's powering Britain’s fibre broadband boom?
Network & Internet

What's powering Britain’s fibre broadband boom?

3 Feb 2023