Apple has announced it plans to introduce advanced security features aimed at protecting threats to cloud-based user data.
Apple has introduced iMessage Contact Key Verification and support for physical security keys, but our focus is the third new security feature, Advanced Data Protection for iCloud. This feature uses end-to-end encryption to provide ‘Apple’s highest level of cloud data security’ to further protect iCloud data, including iCloud Backup, Photos, Notes and more. This means that this effectively provides end-to-end encryption for photos saved in iCloud.
Data Protection isn’t new for Apple. The company has included end-to-end encryption on iPhone, iPad and Mac for years. Adding it to iCloud, however, provides the most advanced data security for iCloud to date. If users opt-in, Advanced Data Protection will protect ‘most’ iCloud data, even if there’s a data breach to the iCloud service or requests from government authorities. With end-to-end encryption, Apple wouldn’t have the means to unlock the encrypted iCloud backups, even if presented with a warrant.
iCloud has previously protected 14 sensitive data categories using end-to-end encryption by default, such as passwords in iCloud Keychain and Health data. When the new Advanced Data Protection is enabled, the number of data categories with end-to-end encryption rises to 23, including iCloud Backup, Notes and Photos. Some major data categories remain omitted, including iCloud Mail, Contacts and Calendar. Apple says these data categories aren’t included because they need to ‘interoperate with the global email, contacts, and calendar systems.’
Apple notes these improved protections are needed more urgently than ever. A new report published yesterday, ‘The Rising Threat to Consumer Data in the Cloud,’ explains some startling data. Experts point out that data breaches more than tripled between 2013 and 2021, which exposed a whopping 1.1 billion personal records just in 2021 alone. End-to-end encryption is an important weapon to defend against data breaches.
End-to-end encryption for Photos on the iCloud joins some existing high-security photo services. For example, Slik Photos, which is available now on iOS and macOS and coming soon to Android and Windows, is a service that promises end-to-end encryption and automatic backups and multi-device syncing for photos, videos and Live Photos. It currently requires interested users to join a waitlist. There’s also Textile, an invite-only app for Android and iOS that lets users sync, share and secure personal photos on a decentralized IPFS protocol for secure peer-to-peer sharing.
Advanced Data Protection for iCloud is available in the US today for members of the Apple Beta Software Program. The rest of US users will be able to opt in by the end of the year. The feature will roll out globally in early 2023.