Apple iCloud users will get end-to-end encryption (E2EE) for their cloud backups next year, if they opt in to the company's Advanced Data Protection program.
ADP is currently in beta testing in the United States and will roll out to the rest of the world in early 2023, Apple said.
If users opt in to ADP, they get E2EE for 23 data categories, which, Apple's head of security engineering and architecture Ivan Krstić said, gives users the choice to protect the vast majority of their sensitive iCloud data so that it can be decrypted only on their trusted devices.
iCloud Backup, Notes and Photos are among the categories newly protected by E2EE when ADP is enabled; iCloud Keychain (passwords and logins) and Health data are already protected by E2EE today.
Messages backups, iCloud Drive, Reminders, Safari bookmarks, Siri Shortcuts, Voice Memos and Wallet passes will also be covered, which means Apple will no longer hold the decryption keys for those data categories.
Because Apple no longer holds the keys, users must set up a recovery method (such as a recovery contact or a recovery key) before they can turn on ADP; a user who loses their password, their trusted devices and their recovery method loses access to the E2EE-protected data.
iCloud Mail, Contacts and Calendar are the major categories that will remain outside E2EE, because they need to interoperate with third-party email, contacts and calendar systems.
The additional protection offered by ADP means the data stays protected even if iCloud's servers are breached, because the decryption keys exist only on the user's trusted devices and not in the cloud.
Until now, police forces and law enforcement agencies around the world have been able to obtain the contents of iCloud backups by requesting them from Apple, because Apple held the keys needed to decrypt them.
The ability to opt-in to encrypted iCloud backups is a really big win for users and bad news for law enforcement, who loved to request iCloud backups to save them the trouble of breaking into a phone.— Eva (@evacide) December 7, 2022
Speaking to the Wall Street Journal, Apple's vice president of software engineering, Craig Federighi, said he believes the extended E2EE will be available in China as well.
This is despite Apple having restricted its AirDrop feature in China, which dissidents have used to share information with each other.
The move to cover more iCloud data with E2EE is part of a security strengthening effort by Apple.
As part of this effort, at-risk users can opt in to iMessage Contact Key Verification, a feature similar to the safety numbers in the messaging application Signal.
iMessage Contact Key Verification lets users compare a verification code in person, over FaceTime or on another secure call, to confirm they are really messaging each other and not an impostor.
If enabled, the feature also raises an automatic alert if an advanced adversary, such as a state-sponsored attacker, has breached Apple's cloud servers and inserted a device of its own into the conversation, putting itself in a man-in-the-middle position to eavesdrop on otherwise encrypted messages.
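The two mechanisms described above, a human-comparable verification code and an automatic alert on a changed key, can be illustrated with a small simulation of a key directory that an attacker has breached. This is an added example, not Apple's protocol or code: the key directory, the code derivation (a truncated SHA-256 over both parties' identity keys) and the pinning rule are assumptions chosen for illustration, and the "identity keys" are random byte strings standing in for real public keys.

```python
import hashlib
import secrets


def verification_code(key_a: bytes, key_b: bytes, digits: int = 30) -> str:
    """Derive a short, human-comparable code from two identity keys.

    The keys are sorted before hashing so both parties compute the same
    code regardless of who is 'a' and who is 'b'. (Assumed construction;
    a real protocol would bind more context into the hash.)
    """
    material = b"".join(sorted([key_a, key_b]))
    digest = hashlib.sha256(material).digest()
    number = int.from_bytes(digest[:16], "big")
    code = str(number % 10**digits).zfill(digits)
    return " ".join(code[i:i + 5] for i in range(0, digits, 5))


class KeyDirectory:
    """Server-side map of user -> identity key (the cloud component an attacker
    would need to breach to mount the man-in-the-middle attack)."""

    def __init__(self) -> None:
        self._keys: dict[str, bytes] = {}

    def publish(self, user: str, key: bytes) -> None:
        self._keys[user] = key

    def lookup(self, user: str) -> bytes:
        return self._keys[user]


class Device:
    """A user's device: owns an identity key and pins peers' keys on first sight."""

    def __init__(self, user: str, directory: KeyDirectory) -> None:
        self.user = user
        self.directory = directory
        # Constructed stand-in for a real public key.
        self.identity_key = secrets.token_bytes(32)
        self.pinned: dict[str, bytes] = {}
        directory.publish(user, self.identity_key)

    def code_for(self, peer: str) -> tuple[str, bool]:
        """Return (code shown to the user, alert flag).

        The alert fires when the directory now serves a different key for a
        peer than the one this device pinned earlier, which is what a
        server-side key substitution looks like from the client's side.
        """
        peer_key = self.directory.lookup(peer)
        alert = peer in self.pinned and self.pinned[peer] != peer_key
        self.pinned.setdefault(peer, peer_key)  # pin only the first key seen
        return verification_code(self.identity_key, peer_key), alert


def simulate(attacker_swaps_keys: bool) -> tuple[bool, bool, bool]:
    """Run one exchange and return (codes_match, alice_alerted, bob_alerted)."""
    directory = KeyDirectory()
    alice = Device("alice", directory)
    bob = Device("bob", directory)

    # First contact while the directory is honest: both sides pin each other.
    alice.code_for("bob")
    bob.code_for("alice")

    if attacker_swaps_keys:
        # Attacker who controls the directory substitutes its own keys so it
        # sits between Alice and Bob and can re-encrypt traffic in both
        # directions.
        directory.publish("bob", secrets.token_bytes(32))
        directory.publish("alice", secrets.token_bytes(32))

    alice_code, alice_alert = alice.code_for("bob")
    bob_code, bob_alert = bob.code_for("alice")
    return alice_code == bob_code, alice_alert, bob_alert


if __name__ == "__main__":
    print("honest directory :", simulate(False))   # codes match, no alerts
    print("breached directory:", simulate(True))   # codes differ, both alert
```

The in-person comparison catches the substitution because Alice's code is now derived from the attacker's key rather than Bob's, while the automatic alert catches it without any user action because the served key no longer matches the pinned one. A legitimate key change (a new device) would also trigger the alert, which is why such features ask the user to re-verify rather than silently accepting the new key.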
Separately from ADP, users can also opt in to Security Keys for Apple ID, which lets a third-party FIDO-certified hardware security key serve as the second factor for an Apple ID; the key must be physically present at sign-in, so the second factor cannot be phished or intercepted remotely.
Security Keys for Apple ID is designed to stop an attacker who has obtained a user's password from also capturing the two-factor verification code, and is intended for high-profile targets such as celebrities, journalists, activists and government officials.