iOS 16.3, iPadOS 16.3, and macOS 13.2, the latest versions of the operating systems for iPhone, iPad, and Mac, have brought several security and privacy-related updates. One of the most prominent is Advanced Data Protection, which applies end-to-end encryption to everything stored in iCloud.
This includes iCloud backups, Notes, and Photos, among others: data that until now was encrypted, but not end to end. The only things left out of Advanced Data Protection are iCloud Mail, Contacts, and Calendar. Why? In Apple's words: “they need to interact with the global systems of email, contacts and calendar.”
But what exactly does it mean that your backups, notes, and other content can now be protected by iCloud’s end-to-end encryption? What do you have to do to activate it? How is end-to-end encryption different from the protection techniques that Apple applied until now?
What is iCloud end-to-end encryption?
Encryption is an essential tool for protecting data and files. It makes information accessible only after the correct password has been entered. That way, if someone intercepts another person's file, they cannot see its contents unless they know the key to decrypt it.
This approach has been applied to different applications and services for years. Web connections, for example, are encrypted: instead of the HTTP protocol, millions of pages have for years used HTTPS, which encrypts the information exchanged between web servers and the user's computer.
Another area that has benefited from encryption is the storage of the data we provide to internet services and platforms. In the event of a leak or unwanted access to the servers of the company in question, the data the hackers obtain is unreadable.
This system, however, has a weak link: the decryption keys. Internet services commonly store them in their own systems. They usually do so safely, and it has its benefits. For example, if the user forgets the password, the company can ensure that the user does not lose access to their data.
However, the fact that the providers have these keys in their possession also opens the door to situations in which a person who is not the owner of the data comes to access it. For example:
- If an employee of the company that provides the service decides to enter the company’s own systems to obtain access to data, information or customer accounts and manages to circumvent the protection measures that the company has imposed to avoid it.
- If a hacker accesses both the encrypted files and the keys that protect them.
How is this problem solved? With end-to-end encryption, also called point-to-point encryption: a technique that benefits millions of users and is used by services as popular as WhatsApp, to give an example known to all.
End-to-end encryption means that the key or password needed to encrypt or decrypt the messages, files or data is held only by the owner (or by their devices, which store it locally). That key is never stored on the servers of the company in question. Therefore, no one else could decipher the data: neither the company itself nor any actor who managed to sneak into its systems.
End-to-end iCloud encryption therefore means that all files generated in Apple applications or devices are encrypted locally and uploaded to iCloud in that state. Apple, unlike with standard encryption, would not have the keys needed to view the content of those files on its servers.
Never forget your password
Turning on end-to-end iCloud encryption is a great idea, but it also has its drawbacks. The main one is the possibility of forgetting or losing your Apple credentials, that is, the data needed to sign in with your Apple ID. If you forget that password, you are lost; or rather, your encrypted iCloud content is.
As we have seen in other articles, the safest way to store passwords is a password manager. It is also advisable to turn on two-step verification: in addition to entering the password, you must confirm that it is you signing in from another device, such as your iPhone or your Mac.
In any case, should the unexpected happen and we cannot remember the password, we can designate a recovery contact when turning on iCloud encryption to avoid greater trouble. However, this option should be kept as a last resort.
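The two key-custody models described above, and why a lost key means lost data once the provider holds no copy, as an added example (not Apple's implementation and not part of the original article). It uses an HMAC-SHA256 encrypt-then-MAC construction as a standard-library stand-in for a real AEAD cipher; the mode labels, record fields and function names are assumptions made for illustration.

```python
import hashlib, hmac, secrets

def _prf(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # HMAC-SHA256 in counter mode as a keystream (stand-in for a cipher such as AES-GCM).
    blocks = (len(data) + 31) // 32
    stream = b"".join(_prf(key, nonce + i.to_bytes(4, "big")) for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, plaintext):
    """Encrypt-then-MAC: returns nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(_prf(key, b"enc"), nonce, plaintext)
    return nonce + ct + _prf(_prf(key, b"mac"), nonce + ct)

def unseal(key, blob):
    """Verify the tag, then decrypt; a wrong key fails here instead of yielding garbage."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(_prf(key, b"mac"), nonce + ct)):
        raise ValueError("wrong key or tampered data")
    return _xor_stream(_prf(key, b"enc"), nonce, ct)

def upload(note, mode, device_key, recovery_key=None):
    """Build the record the server stores; mode is 'standard' or 'e2e' (assumed labels)."""
    data_key = secrets.token_bytes(32)
    record = {"blob": seal(data_key, note)}
    if mode == "standard":
        record["server_key"] = data_key                    # provider keeps the key
    else:
        record["wrapped"] = seal(device_key, data_key)     # only the device can unwrap
        if recovery_key:
            record["recovery"] = seal(recovery_key, data_key)  # optional second way in
    return record

def server_side_read(record):
    """What the provider, or anyone who copies its storage, can decrypt."""
    key = record.get("server_key")
    return unseal(key, record["blob"]) if key else None

def owner_read(record, key, slot="wrapped"):
    """Owner unwraps the data key with a device key or, with slot='recovery', a recovery key."""
    data_key = record.get("server_key") or unseal(key, record[slot])
    return unseal(data_key, record["blob"])
```

In the `e2e` record the server stores only ciphertext and wrapped keys, so `server_side_read` returns nothing, and an owner who has neither the device key nor the recovery key gets a `ValueError` instead of the note.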
How to activate Advanced Data Protection in iOS 16.3
In the United States, end-to-end iCloud encryption for backups and other data hosted on Apple servers has been available since last year. In other countries of the world, on the other hand, it is essential to install iOS 16.3, iPadOS 16.3, and macOS 13.2.
Once the device is updated, in the iCloud settings we will find a new option called Advanced Data Protection. But let's take it step by step.
The requirements to activate end-to-end encryption in iCloud are:
- Turn on two-factor authentication for your Apple ID.
- Have a password set up for your device.
- Have an account recovery contact. The wizard will help you create it.
- Have a compatible device:
  - iPhone with iOS 16.3.
  - iPad running iOS 16.3.
  - Mac with macOS 13.2.
  - Apple Watch running watchOS 9.3.
  - Apple TV with tvOS 16.3.
  - HomePod updated to 16.3.
  - Windows with iCloud for Windows 14.2.
- Child or managed Apple IDs or accounts are excluded.
To turn on iCloud encryption, or Advanced Data Protection, on iOS 16.3:
- Go to Settings.
- Enter your user profile.
- Click on iCloud.
- Click on the Advanced Data Protection option.
- Click on Activate Advanced Data Protection.
- Follow the instructions. Basically, you will have to set up a recovery method in case you forget the password.
The iCloud recovery method in case you forget the password can be a contact or a key. The first is someone you know or a family member you trust who owns a compatible Apple device. They will not have access to your account; they will only be contacted if you forget your password. The other option is a recovery key, which is another novelty in iOS 16.3 and consists of a 28-character secret code that you can store on a trusted device. Both can be created from an iPhone, iPad or Mac once updated.
What is end-to-end encrypted in iCloud with both Advanced and Standard Data Protection?
The following table, taken from the official Apple website, shows what is encrypted end to end in each case. As explained above, if Apple stores the keys, the encryption is not end-to-end; if, on the other hand, the keys are saved only on trusted devices, then we are talking about end-to-end encryption.
As can be seen in the table, Apple end-to-end encrypts Health data and passwords stored in iCloud Keychain, among others, even if Advanced Data Protection is not activated. If you activate it, that protection extends to other categories such as iCloud backups, iCloud Drive files, or photos.
Service | Key storage with Standard Data Protection | Key storage with Advanced Data Protection |
---|---|---|
iCloud Mail | Apple | Apple |
Contacts | Apple | Apple |
Calendars | Apple | Apple |
iCloud backup (including device backup and Messages backup) | Apple | Trusted devices |
iCloud Drive | Apple | Trusted devices |
Photos | Apple | Trusted devices |
Notes | Apple | Trusted devices |
Reminders | Apple | Trusted devices |
Safari Bookmarks | Apple | Trusted devices |
Siri Shortcuts | Apple | Trusted devices |
Voice Memos | Apple | Trusted devices |
Wallet passes | Apple | Trusted devices |
Passwords and Keychain | Trusted devices | Trusted devices |
Health data | Trusted devices | Trusted devices |
Home data | Trusted devices | Trusted devices |
Messages in iCloud | Trusted devices | Trusted devices |
Payment information | Trusted devices | Trusted devices |
Apple Card transactions | Trusted devices | Trusted devices |
Maps | Trusted devices | Trusted devices |
QuickType Keyboard learned vocabulary | Trusted devices | Trusted devices |
Safari | Trusted devices | Trusted devices |
Screen Time | Trusted devices | Trusted devices |
Siri information | Trusted devices | Trusted devices |
Wi-Fi passwords | Trusted devices | Trusted devices |
W1 and H1 Bluetooth keys | Trusted devices | Trusted devices |
Memoji | Trusted devices | Trusted devices |