Apple Announces End-to-End Encryption Option for iCloud Photos, Notes, Backups, and More
Apple today announced it is expanding end-to-end encryption to many additional iCloud data categories on an opt-in basis for enhanced security.
iCloud already protects 14 data categories using end-to-end encryption by default, including Messages (when iCloud backups are disabled), passwords stored in iCloud Keychain, Health data, Apple Maps search history, Apple Card transactions, and more, as outlined in an Apple support document. With the optional Advanced Data Protection feature, the number of iCloud data categories that use end-to-end encryption rises to 23.
Advanced Data Protection will be available on the iPhone, iPad, and Mac starting with iOS 16.2, iPadOS 16.2, and macOS 13.1 later this month and provides end-to-end encryption for the following additional iCloud categories:
- Device Backups and Messages Backups
- iCloud Drive
- Voice Memos
- Safari Bookmarks
- Siri Shortcuts
- Wallet Passes
Apple says the only major iCloud data categories that are still not protected by end-to-end encryption are Mail, Contacts, and Calendar because of the "need to interoperate with the global email, contacts, and calendar systems" that use legacy technologies.
Advanced Data Protection for iCloud is available to test starting with the latest iOS 16.2, iPadOS 16.2, and macOS 13.1 beta versions being released today. Apple says the optional security feature will be available to U.S. users by the end of the year and will start rolling out to the rest of the world in early 2023.
End-to-end encrypted iCloud data can only be decrypted on your trusted Apple devices, where you are signed in with your Apple ID, so the data remains protected even in the case of a data breach in the cloud. Not even Apple has access to the encryption keys; if you lose access to your account, the data can only be recovered using your device passcode or password, a recovery contact, or a recovery key. Users will be guided to set up at least one recovery contact or recovery key before they turn on Advanced Data Protection.
"Advanced Data Protection is Apple's highest level of cloud data security, giving users the choice to protect the vast majority of their most sensitive iCloud data with end-to-end encryption so that it can only be decrypted on their trusted devices," said Ivan Krstić, Apple's head of Security Engineering and Architecture. "For users who opt in, Advanced Data Protection keeps most iCloud data protected even in the case of a data breach in the cloud."
You can turn off Advanced Data Protection at any time. Upon doing so, your device will securely upload the required encryption keys to Apple servers, and your account will revert to a standard level of protection, according to Apple.
When Advanced Data Protection is enabled, access to your data via iCloud.com is disabled by default. Users have the option to turn on data access on iCloud.com, which allows the web browser and Apple to have temporary access to data-specific encryption keys.
Advanced Data Protection is designed to maintain end-to-end encryption for most shared iCloud content as long as all participants have Advanced Data Protection enabled, including iCloud Shared Photo Library, iCloud Drive shared folders, and shared Notes. However, Apple says iWork collaboration, the Shared Albums feature in Photos, and sharing content with "anyone with a link" do not support Advanced Data Protection.