Today, Apple released iOS/iPadOS 16.2 and macOS 13.1. The most significant cybersecurity feature in this release is Advanced Data Protection (ADP).
What is this?
Basically, Apple has extended End-to-End-Encryption (E2EE) to more categories of data stored on iCloud from 14 to 23. E2EE means that Apple does not have the decryption keys to your encrypted data stored on iCloud. As a result, it will be technically impossible for Apple to see what you store on iCloud, even if they are compelled by the government. That means even if hackers breach Apple’s servers, they will not be able to steal your data stored on iCloud because only your devices hold the decryption keys.
Note: You must turn on ADP to get the extra protection. This feature is currently only available in the United States. Other countries will have to wait for its availability. ETA is early 2023.
These are some of the additional data categories that are now under E2EE in ADP:
Previously, iCloud Backup was not under E2EE. That means in the past, Apple was able to access backups of your iOS/iPadOS devices on iCloud. That was the loophole that allowed Apple to cooperate with law-enforcement officials in uncovering what was inside the iOS/iPadOS devices of individuals. If ADP is turned on, Apple will no longer have access to the backups.
Also, with ADP, all of Notes will be under E2EE. Previously, only selected locked notes are under E2EE.
Previously, photos stored on iCloud Photos were not under E2EE. That means Apple could see all your private photos stored on iCloud. If ADP is turned on, all iCloud Photos will be under E2EE. That means Apple will not be able to see all your photos stored there.
Your files that are stored on iCloud Drive will now be under E2EE too with ADP.
What is NOT protected with E2EE under ADP?
The only major iCloud data categories that are not covered [by E2EE] are iCloud Mail, Contacts, and Calendar because of the need to interoperate with the global email, contacts, and calendar systems.
Although this is good news for most users, not everyone will be pleased. Particularly, child safety advocates will not welcome this news because under ADP, iCloud Photos will be a haven for shady people storing Child Sexual Exploitation Materials (CSEM).
Law-enforcements will also not be happy to lose access to iCloud Backups because this is their only means to access the content of individuals’ devices without having to hack into it.