Expanded iCloud Encryption Can't Be Enabled From New Apple Devices Right Away
Starting with iOS 16.2, iPadOS 16.2, and macOS 13.1, all of which are expected to be released next week, users have the option to enable a new Advanced Data Protection feature that expands end-to-end encryption to many additional areas of iCloud, including Messages backups, Photos, Notes, Reminders, Voice Memos, and more.
To protect users, Apple does not allow Advanced Data Protection to be enabled from a brand new device for an unspecified period after the device was first set up and added to a user's Apple ID account. We have seen dates range from late January to early February for when users will be able to turn on the feature from a new device. This buffer helps to prevent a malicious actor from enabling the feature if a user's account is compromised.
Users can still enable Advanced Data Protection from an older device they added to the same Apple ID account, such as another iPhone, iPad, or Mac. In this case, all devices added to that Apple ID account are fully protected by the expanded end-to-end encryption for iCloud, including newer ones that are still in the waiting period.
Turning on Advanced Data Protection removes your encryption keys from Apple's servers for the iCloud categories protected by the feature, ensuring that your data remains secure even in the case of a data breach in the cloud. When the feature is enabled, the encryption keys are only stored on your trusted Apple devices, meaning that they cannot be accessed by Apple or others. The feature can be turned off at any time, at which point your devices will securely upload the encryption keys to Apple's servers again.
When Advanced Data Protection is enabled, access to your data via iCloud.com is disabled by default. Users can turn on data access on iCloud.com, which allows the web browser and Apple to have temporary access to data-specific encryption keys.
iCloud already protects 14 data categories using end-to-end encryption by default, without Advanced Data Protection enabled, including passwords stored in iCloud Keychain, Health data, Apple Maps search history, Apple Card transactions, and more. Apple has a support document with a chart detailing what is protected by standard levels of encryption and what is protected by Advanced Data Protection when enabled.
Advanced Data Protection is available for U.S. users only at launch and will start rolling out to the rest of the world in early 2023, according to Apple. For more details about the feature, read our coverage of Apple's announcement earlier this week.