Apple Plans to Encrypt iCloud Email in Transit Between Providers

by

NPR Yesterday wrote a story on the efforts of tech companies to protect consumer data, which included an extensive chart on how companies measure up when it comes to encryption.

While Apple was found to be encrypting iMessage end-to-end, as well as email from customers to iCloud, it was found to be one of the few global email providers based in the U.S. that does not encrypt customer email in transit between providers. That means emails that are sent from iCloud to iCloud are encrypted, but emails sent from iCloud to other providers, such as Gmail, are not encrypted.

Following the post, however, Apple told NPR that it is planning to encrypt those emails in the near future.

Apple encrypts e-mail from its customers to iCloud. However, Apple is one of the few global email providers based in the U.S. that is not encrypting any of its customers' email in transit between providers. After we published, the company told us this would soon change. This affects users of me.com and mac.com email addresses.

As noted by 9to5Mac, Apple's response to NPR mentions only Me.com and Mac.com without a mention of the newer iCloud.com email addresses, but Google's data protection transparency website suggests that outbound iCloud.com emails are not encrypted, so it is likely Apple's plans include changes to the iCloud.com domain as well.

icloudencryption
As noted by NPR, end-to-end encryption of emails sent back and forth between service providers requires cooperation between providers. Both email services involved (such as Apple and Google or Apple and Yahoo) must implement encryption, which means Apple will need to work with other email providers for true end-to-end encryption of iCloud.com email.

NPR's study also noted that many app installations and iOS updates are sent unencrypted to iPhones, as are configuration files sent from telecom companies, and pre-login browsing/shopping traffic from the Apple Store.

Top Rated Comments

(View all)
Avatar
83 months ago
kudos... iCloud is pretty much my primary off-work email these days. Stopped using gmail a while back
Score: 7 Votes (Like | Disagree)
Avatar
83 months ago
Kudos to NPR, that entire series was a good listen.
Score: 5 Votes (Like | Disagree)
Avatar
83 months ago

The NSA has complete access to information anyway, and can easily decrypt it no sweat.

Well that depends what method of encryption you're using. If you're using a one-time-pad xor method with truly random pad data, then unless an attacker has read-access to your one-time pad or you screw up and accidentally use the pad twice, nobody else is going to have even the remotest possible chance of decrypting it — no cryptologist, white hat, black hat, nor NSA, nor aliens, nor even the most advanced computer in the universe running for quadrillions of years, nor even God.

Ok, maybe God. But that's about it. Maybe Q.
Score: 4 Votes (Like | Disagree)
Avatar
83 months ago
This article is quite misleading. There's two ways to protect emails in transit:

Method #1 - Encrypt the pipe that the email message travels through. This is basically the whole SSL/TLS discussion that has been in the news lately.

Method #2 - Encrypt the contents of the email message itself. This would allow the encrypted message to pass through non-encrypted pipes and still be safe. But this method is far more complicated, as it requires a certificate+handshake between the sending email client and the receiving email client.

It sounds like Apple will be ensuring that when it connects to another mail server, it will try to use an encrypted pipe, if the other server supports that whereas right now, it doesn't make that effort. That would make sense. The messages themselves won't be magically encrypted as per Method #2. That's up to the end-user to implement.
Score: 4 Votes (Like | Disagree)
Avatar
83 months ago

Yeah, it would be nice to have *real* encryption so even Apple cannot decrypt our messages and give them to the government.


If Apple is encrypting them with Apple's keys, this has no effect on the government because Apple can simply be ordered to hand them over, just like Lavabit was.

Apple really needs to have customers generate their own keys locally and only pass encrypted data through Apple servers to address the NSL issue. If Apple doesn't hold the keys, they can't surrender them if served with an NSL.
Score: 2 Votes (Like | Disagree)
Avatar
83 months ago

Good grief! They don't already do that? :eek:

Google only recently started doing this. Same thing with encryption of data between their own different server farms - twelve months ago they weren't encrypting that, either.

Then Snowden/Greenwald released a talk slide from the NSA showing that tapping those messages between server farms was one of the ways they were intercepting (specifically) Google data. That slide was shown to a pair of Google engineers, who then reportedly responded "oh (expletive)".

Google does deserve credit for moving on this quickly - but all of these companies have been playing catch-up. And really this only addresses spying by national entities. This almost certainly isn't how criminals get hold of people's mail.
Score: 2 Votes (Like | Disagree)

Top Stories

New Photos Offer Better Look at iPhone 12 Color Options

Tuesday October 20, 2020 2:34 am PDT by
As we wait for the iPhone 12 review embargo to lift later today, more pictures are circulating of the devices in real-world lighting conditions, providing a better look at the different colors available. Leaker DuanRui has shared images on Twitter of the iPhone 12 in white, black, blue, green, and (PRODUCT)RED. The black and white colors are similar to the iPhone 11 colors, but the other...

iPhone 12 Pro in Graphite and iPhone 12 in Blue Shown Off in Unboxing Videos

Monday October 19, 2020 8:20 am PDT by
While the iPhone 12 Pro does not launch until Friday, we now have an early unboxing video of the device courtesy of Twitter account DuanRui, providing a closer look at the shiny new flat-edge design and sleek Graphite color option. Ben Geskin re-uploaded the unboxing video to YouTube, which we've embedded below: Geskin has also uploaded an unboxing video of the iPhone 12 in Blue: ...

Apple Releases iPadOS and iOS 14.1 With Multiple Bug Fixes Ahead of iPhone 12 Launch

Tuesday October 20, 2020 10:06 am PDT by
Apple today released iOS and iPadOS 14.1, the first major updates to the iOS and iPadOS 14 operating system updates that were released in September. iOS and iPadOS 14.1 come a week after Apple released the golden master versions of the updates to developers. The iOS 14.1 update can be downloaded for free and it is available on all eligible devices over-the-air in the Settings app. To access...

Watch: iPhone 12 and iPhone 12 Pro Unboxing Videos and First Impressions

Tuesday October 20, 2020 6:05 am PDT by
Apple's embargo has lifted for iPhone 12 and iPhone 12 Pro reviews. In addition to our detailed review roundups for each device, we've rounded up over a dozen unboxing videos and first impressions below. iPhone 12 in Blue on left and iPhone 12 Pro in Pacific Blue on right via Engadget Key new features of the iPhone 12 and iPhone 12 Pro include a flat-edge design, 5G support, a much faster A14 ...

Gold Version of iPhone 12 Pro Apparently Has a More Fingerprint Resistant Stainless Steel Frame

Tuesday October 20, 2020 11:56 am PDT by
iPhone 12 Pro reviews hit the web today, and one of the more interesting tidbits came from TechCrunch's Matthew Panzarino, who revealed that the Gold version of the device apparently has a more fingerprint resistant coating applied to the stainless steel frame. From his review:Most of the iPhone 12 Pro finishes still use a physical vapor deposition process for edge coating. But the new gold...

Photographer Austin Mann Tests the iPhone 12 Pro's Camera

Wednesday October 21, 2020 4:14 am PDT by
Travel photographer Austin Mann usually performs an in-depth review of new iPhone models to test their camera performance in real-world scenarios. To test Apple's new iPhone 12 Pro, Mann traveled to Glacier National Park, Montana. Mann focused on some of the biggest camera upgrades with the iPhone 12 Pro, including the upgraded Wide lens, Ultra Wide Night mode, and LiDAR autofocus, across a...

iPhone 12 Pro Max Has Smaller 3,687 mAh Battery According to Regulatory Filing

Tuesday October 20, 2020 8:48 pm PDT by
Apple's new iPhone 12 Pro Max is equipped with a 3,687 mAh battery, which is around 7% less capacity than the 3,969 mAh battery in the iPhone 11 Pro Max, according to a regulatory filing published by TENAA, the Chinese equivalent of the FCC. The regulatory filing, spotted by MacRumors, also lists the iPhone 12 Pro Max with 6GB of RAM as seen in benchmark results last week. Apple has filed ...

5G Drains iPhone 12 Battery 20% Faster Than 4G in Benchmark

Wednesday October 21, 2020 3:17 am PDT by
After the first reviews for the iPhone 12 and iPhone 12 Pro emerged yesterday, a new report by Tom's Guide reveals the extent of battery life reductions when using 5G. The report outlines a test wherein the iPhone surfs the web continuously at 150 nits of screen brightness, launching a new site every 30 seconds until the battery drains. Interestingly, the test was run on an iPhone 12 and...

Hands-On With Apple's iPhone 12 and 12 Pro MagSafe Cases

Tuesday October 20, 2020 1:33 pm PDT by
Apple's iPhone 12 and 12 Pro are launching this Friday, and ahead of that release date, Apple is shipping out various accessories like the MagSafe charger and MagSafe cases. Yesterday we took a look at the MagSafe charger, and today our MagSafe case came in the mail, so we thought we'd take another look at the charger to see how it works with the case and just how strong the case magnets are. S ...

Reliable Leaker Suggests AirTags 'Coming Soon' in Two Different Sizes

Tuesday October 20, 2020 1:53 am PDT by
Apple's rumored AirTags Bluetooth tracking devices could launch imminently and will be available in two size options, based on new tweets from cryptic-but-reliable leaker L0vetodream. In typical enigmatic style, the leaker first tweeted this morning that a "big one" and a "small one" are "coming soon," but withheld what they were referring to. However that was followed an hour later with the ...