clock menu more-arrow no yes mobile

Apple makes it easier to keep your data secret from hackers, cops, and even Apple

How to encrypt most of your iCloud data — and why you should.

A person holds a traditional camera to their face while holding an iPhone in their hand.
A woman takes a photo of an iPhone.
Justin Sullivan/Getty Images
Sara Morrison is a senior Vox reporter who covers data privacy, antitrust, and Big Tech’s power over us all.

Apple, the company whose CEO is fond of calling privacy a human right, has added a few new privacy features to its devices. One of them, Advanced Data Protection, is adding end-to-end encryption to almost every iCloud service out there. Which means that almost everything you upload to Apple’s cloud — from backups to photos — can only be accessed by you. That’s good for your privacy, which means the FBI isn’t thrilled about it.

The updates are part of Apple’s years-long push to be known as the Big Tech company that cares and does more about its customers’ privacy than its competitors. And they come at a time when the need for this privacy is only that much more obvious. Apple products should no longer be assumed to be safe from hackers, and phishing scams — where you’re tricked into giving your account credentials to a hacker — are only getting more aggressive and convincing. At the same time, most people store a lot of personal and valuable information on cloud servers like iCloud, which only makes them that much more attractive of a target. The more options you have to help lock your data down, the better.

The company announced the update on Wednesday, although the upgraded encryption won’t be available until the end of this year for US users and early next year for everyone else. When it does roll out, you’ll have to choose to enable it in your iCloud settings.

Even if you don’t know much about internet security, you’ve probably heard at least something about encryption by this point, as the general public has become more aware of the need for it and more services that offer it have popped up. With end-to-end encryption, the data you send to iCloud can’t be read by anyone else as it travels to or from the cloud, nor can Apple see it when it’s stored on their servers. That helps protect your data from hackers who breach Apple’s servers. It’s less clear if you’d be safe from the types of people who notoriously broke into hundreds of iCloud accounts, including Jennifer Lawrence’s, through its website in 2014, but two-factor authentication and Security Keys, another feature that was announced on Wednesday, are specifically designed to protect against such phishing attacks.

Apple’s new security feature will also prevent law enforcement from accessing the data you have in iCloud. That’s why the FBI isn’t happy about Apple’s privacy tools. Law enforcement generally doesn’t like encryption that doesn’t give them a way to easily obtain your data from the third party that’s hosting it, which is something they do a lot. Governments around the world have repeatedly called on tech companies not to do what Apple just did, and Reuters reported a few years ago that Apple decided not to allow users to encrypt their iCloud backups after the FBI urged it not to (Apple has denied this).

There’s been plenty of friction between Apple and the Department of Justice for years over Apple’s refusal to create a back door into its devices for law enforcement. In 2016 and in 2020, the DOJ tried to force Apple to help it break into the phones of mass shooters it suspected of having terrorist ties. Both times, Apple refused, and the FBI was (eventually and at great expense) able to hack into the phones without Apple’s help. In the 2020 case, Apple gave the FBI all of the data it had from the shooter’s iCloud account, even as the FBI groused about not being able to access the physical device. Now, with Advanced Data Protection enabled, Apple won’t even be able to give the FBI most of that iCloud data, either.

Needless to say, the agency is not a fan of Advanced Data Protection, saying in a statement that it’s “deeply concerned” with the “threat” posed by encryption, and that “the FBI and law enforcement partners need ‘lawful access by design.’”

Apple already offered end-to-end encryption for some things in iCloud, including Health data, Apple Card transactions, Keychain passwords, and Safari. This update will add device and iMessage backups, iCloud Drive, Photos, and Notes to the list. The only things that won’t have an end-to-end encryption option are Mail, Contacts, Calendars, and certain types of metadata, which Apple says is due to technical constraints.

A prompt asking if a user wants to enable Advanced Data Protection.
The Advanced Data Protection prompt that iCloud users will soon see.
Apple

If you don’t want to enable Advanced Data Protection, it’s not like your data will be left hanging out on the internet for anyone to see. Apple already encrypts all of this stuff in transit and on its servers, but it has the keys to some of it — which means law enforcement would have access to it too, as long as they have the right court order forcing Apple to give it up. When you enable Advanced Data Protection, you’re taking those keys away. There’s a downside to this: It could make it harder to regain access to your data if you lose it for whatever reason, since Apple won’t be able to access it for you.

Advanced Data Protection doesn’t make it impossible to get your data. If someone has access to your device or your account recovery key, then they’ll be able to see what’s on it. While it disables web access to iCloud, you can choose to turn that back on, which would give temporary access to encryption keys to your browser and to Apple. If you’re super-protective of the stuff on your phone, you could also just avoid uploading any of the data on it to iCloud and keep it all on your device. Although that, again, won’t help you if someone gets ahold of the device itself.

Unlike some of Apple’s privacy offerings that users had to pay extra for, these will be available to every Apple customer for free (if you don’t count the fact that Apple devices are generally more expensive than its competitors). That’s obviously good for Apple users who care about cybersecurity and privacy, but it may also be good for users who don’t know much about it or how best to secure their accounts. It may also be good for people who don’t even use Apple products because it’ll put that much more pressure on companies like Google to up its security game and offer these services to its customers, too.

If you aren’t an Apple user or just don’t want to put all of your data eggs in Apple’s basket, there are plenty of services out there that offer end-to-end encryption. Instead of Apple’s keychain for your passwords, you can use one of several password managers. Messaging services like Signal, WhatsApp, and Telegram’s secret chat feature end-to-end encryption for your messages. Proton’s Mail is end-to-end encrypted, as is its cloud storage service.

So while Apple isn’t the only company expanding its encryption services, it’s surely the biggest. For a lot of people, it might be the easiest, too, since you’re not switching between various services to do various things: You can add another layer of security to your life with just a tap on your screen.

Update, December 8, 1:30 pm ET: This story has been updated with additional details about how Advanced Data Protection works and Security Keys’ protection against phishing attacks.