NPR Yesterday wrote a story on the efforts of tech companies to protect consumer data, which included an extensive chart on how companies measure up when it comes to encryption.

While Apple was found to be encrypting iMessage end-to-end, as well as email from customers to iCloud, it was found to be one of the few global email providers based in the U.S. that does not encrypt customer email in transit between providers. That means emails that are sent from iCloud to iCloud are encrypted, but emails sent from iCloud to other providers, such as Gmail, are not encrypted.

Following the post, however, Apple told NPR that it is planning to encrypt those emails in the near future.

Apple encrypts e-mail from its customers to iCloud. However, Apple is one of the few global email providers based in the U.S. that is not encrypting any of its customers' email in transit between providers. After we published, the company told us this would soon change. This affects users of me.com and mac.com email addresses.

As noted by 9to5Mac, Apple's response to NPR mentions only Me.com and Mac.com without a mention of the newer iCloud.com email addresses, but Google's data protection transparency website suggests that outbound iCloud.com emails are not encrypted, so it is likely Apple's plans include changes to the iCloud.com domain as well.

icloudencryption
As noted by NPR, end-to-end encryption of emails sent back and forth between service providers requires cooperation between providers. Both email services involved (such as Apple and Google or Apple and Yahoo) must implement encryption, which means Apple will need to work with other email providers for true end-to-end encryption of iCloud.com email.

NPR's study also noted that many app installations and iOS updates are sent unencrypted to iPhones, as are configuration files sent from telecom companies, and pre-login browsing/shopping traffic from the Apple Store.

Top Rated Comments

iLoveiTunes Avatar
130 months ago
kudos... iCloud is pretty much my primary off-work email these days. Stopped using gmail a while back
Score: 7 Votes (Like | Disagree)
chirpie Avatar
130 months ago
Kudos to NPR, that entire series was a good listen.
Score: 5 Votes (Like | Disagree)
DryHeave Avatar
130 months ago
The NSA has complete access to information anyway, and can easily decrypt it no sweat.
Well that depends what method of encryption you're using. If you're using a one-time-pad xor method with truly random pad data, then unless an attacker has read-access to your one-time pad or you screw up and accidentally use the pad twice, nobody else is going to have even the remotest possible chance of decrypting it — no cryptologist, white hat, black hat, nor NSA, nor aliens, nor even the most advanced computer in the universe running for quadrillions of years, nor even God.

Ok, maybe God. But that's about it. Maybe Q.
Score: 4 Votes (Like | Disagree)
coolfactor Avatar
130 months ago
This article is quite misleading. There's two ways to protect emails in transit:

Method #1 - Encrypt the pipe that the email message travels through. This is basically the whole SSL/TLS discussion that has been in the news lately.

Method #2 - Encrypt the contents of the email message itself. This would allow the encrypted message to pass through non-encrypted pipes and still be safe. But this method is far more complicated, as it requires a certificate+handshake between the sending email client and the receiving email client.

It sounds like Apple will be ensuring that when it connects to another mail server, it will try to use an encrypted pipe, if the other server supports that whereas right now, it doesn't make that effort. That would make sense. The messages themselves won't be magically encrypted as per Method #2. That's up to the end-user to implement.
Score: 4 Votes (Like | Disagree)
2984839 Avatar
130 months ago
Yeah, it would be nice to have *real* encryption so even Apple cannot decrypt our messages and give them to the government.

If Apple is encrypting them with Apple's keys, this has no effect on the government because Apple can simply be ordered to hand them over, just like Lavabit was.

Apple really needs to have customers generate their own keys locally and only pass encrypted data through Apple servers to address the NSL issue. If Apple doesn't hold the keys, they can't surrender them if served with an NSL.
Score: 2 Votes (Like | Disagree)
Westside guy Avatar
130 months ago
Good grief! They don't already do that? :eek:
Google only recently started doing this. Same thing with encryption of data between their own different server farms - twelve months ago they weren't encrypting that, either.

Then Snowden/Greenwald released a talk slide from the NSA showing that tapping those messages between server farms was one of the ways they were intercepting (specifically) Google data. That slide was shown to a pair of Google engineers, who then reportedly responded "oh (expletive)".

Google does deserve credit for moving on this quickly - but all of these companies have been playing catch-up. And really this only addresses spying by national entities. This almost certainly isn't how criminals get hold of people's mail.
Score: 2 Votes (Like | Disagree)

Popular Stories

iOS 17

Troubling iOS 17.5 Bug Reportedly Resurfacing Old Deleted Photos

Wednesday May 15, 2024 5:29 am PDT by
There are concerning reports on Reddit that Apple's latest iOS 17.5 update has introduced a bug that causes old photos that were deleted – in some cases years ago – to reappear in users' photo libraries. After updating their iPhone, one user said they were shocked to find old NSFW photos that they deleted in 2021 suddenly showing up in photos marked as recently uploaded to iCloud. Other...
General Apps Messages

iMessage Down for Some Users [Update: Service Restored]

Thursday May 16, 2024 3:00 pm PDT by
The iMessage service that Apple users to send messages to one another appears to be down for some users, and messages are failing to go out or are taking an extra long time to send. There are numerous reports about the issue on social networks and a spike of outage reports on Down Detector, but Apple's System Status page is not yet reporting an outage. Update: Apple's status page says...
CarPlay Sound Recognition

Apple Previews Three New CarPlay Features Coming With iOS 18

Wednesday May 15, 2024 9:18 am PDT by
Apple today previewed new accessibility features coming with iOS 18 later this year, and this includes some new options for CarPlay. Apple highlighted three new features coming to CarPlay: Voice Control: This feature will allow users to navigate CarPlay and control apps with just their voice. Color Filters: This feature will make the CarPlay interface visually easier to use for...
maxresdefault

Hands-On With the New M4 OLED iPad Pro

Wednesday May 15, 2024 10:40 am PDT by
Today is the official launch day of the new iPad Pro models, and these updated tablets mark the biggest feature and design refresh that we've seen for the iPad Pro in several years. We picked up one of the new 13-inch models to check out everything new. Subscribe to the MacRumors YouTube channel for more videos. When it comes to design, Apple is still offering 11-inch and 13-inch size options ...
iphone 15 pro max vs iphone 16 pro max

iPhone 16 Pro Max Looks This Much Bigger Beside iPhone 15 Pro Max

Thursday May 16, 2024 4:51 am PDT by
This year's upcoming iPhone 16 Pro Max is expected to get a boost in overall size from 6.7-inches to 6.9-inches, and a new image gives us a good idea of how the current iPhone 15 Pro Max compares to what could be Apple's largest ever iPhone. The image above, posted on X by ZONEofTECH, shows a dummy model representing the ‌iPhone 16 Pro‌ Max alongside an actual iPhone 15 Pro Max. Dummy...
Delta Hands On Feature

iPhone Emulators on the App Store: Game Boy, N64, PS1, PSP, and More

Thursday May 16, 2024 12:45 pm PDT by
In April, Apple updated its guidelines to allow retro game emulators on the App Store, and several popular emulators have already been released. The emulators released so far allow iPhone users to play games released for older consoles from Nintendo, Sony, SEGA, Atari, and others. A list of some popular emulators available on the App Store so far follows. Released Delta Delta is...