Skip to content

Apple iCloud backups are now end-to-end encrypted

  • by
  • 2 min read

As part of a significant security overhaul in what it calls Advanced Data Protection, Apple is now expanding the number of data categories protected by end-to-end encryption from 14 to 23, meaning your iCloud backups, Notes and Photos, among other things, are now covered. 

Overall, Advanced Data Protection covers the following categories:

  • Device backups
  • Message backups
  • iCloud Drive
  • Notes
  • Photos
  • Reminders
  • Safari bookmarks
  • Siri shortcuts
  • Voice memos
  • Wallet Passes

The company claims that the only important categories not covered under this additional protection are iCloud Mail, Contacts and Calendar as they “need to need to interoperate with the global email, contacts, and calendar systems”.

Apple iCloud backups are now end-to-end encrypted
iMessage Contact Key Verification (left), Advanced Data Protection (middle) and Security Keys for Apple ID (right) | Source: Apple

As for iMessage, in addition to securing your backups with end-to-end encryption, Apple is also improving security with iMessage Contact Key Verification — a feature that can alert you if state-sponsored threat actors have compromised your chats. The company has been working on this feature for some time now, initially announcing it in November last year following its lawsuit against Israeli spyware vendor NSO Group’. 

Customers enrolled in the company’s beta program in the United States will be able to enable Advanced Data Protection starting December 7. The feature will publicly roll out in the US by the end of 2022 and globally in early 2023. 

This is significantly better than the standard data protection, where Apple holds the encryption keys to help customers restore data if needed. However, since end-to-end encryption will only work on trusted devices signed in with the user’s Apple ID, law enforcement agencies or threat actors can’t access your data from Apple’s databases. 

Apple users can also secure their accounts with hardware keys starting in 2023, a significant step towards improving two-step factor authentication support. Additionally, the company is also dropping its plans for scanning child sexual abuse imagery — a planned feature announced in October last year that saw significant backlash from customers and privacy experts alike. 

In the News: Proton Drive finally gets dedicated mobile apps

nv-author-image

Yadullah Abidi

Yadullah is a Computer Science graduate who writes/edits/shoots/codes all things cybersecurity, gaming, and tech hardware. When he's not, he streams himself racing virtual cars. He's been writing and reporting on tech and cybersecurity with websites like Candid.Technology and MakeUseOf since 2018. You can contact him here: yadullahabidi@pm.me.

>