With the release of iOS 16.3 and macOS 13.2, Apple is introducing Advanced Protection for iCloud, which uses end-to-end encryption to provide Apple's highest level of cloud data security yet. Here's everything you need to know about enabling it on your devices.
The new security feature ensures users will have the choice to further protect their important iCloud data, including iCloud Backup, Photos, Notes, and more.
Apple's use of end-to-end encryption means the vast majority of your most sensitive iCloud data can only be decrypted on your trusted Apple devices where you're signed in with your Apple ID account, ensuring that the data remains secure even in the case of a data breach in the cloud. In other words, no-one – not even Apple – can access your data except you.
iCloud already protects 14 sensitive data categories using end-to-end encryption by default, including passwords in iCloud Keychain and Health data. For users who enable Advanced Data Protection, the total number of data categories protected using end-to-end encryption rises to 23, including iCloud Backup, Notes, and Photos.
Advanced Data Protection provides end-to-end encryption for the following additional iCloud categories:
- Device Backups and Messages Backups
- iCloud Drive
- Notes
- Photos
- Reminders
- Voice Memos
- Safari Bookmarks
- Siri Shortcuts
- Wallet Passes
The only major iCloud data categories that are not covered are iCloud Mail, Contacts, and Calendar because of the need to interoperate with the global email, contacts, and calendar systems.
Crucially, Advanced Data Protection for iCloud is an opt-in feature, so you must enable it yourself using the steps below. Note that if you lose access to your account, you can only recover your data using your device passcode or password, a recovery contact, or a recovery key. (You will be guided to set up at least one recovery contact or recovery key before Advanced Data Protection is enabled.)
It's also worth bearing in mind that when Advanced Data Protection is enabled, access to your data via iCloud.com is disabled by default, although you will have the option to turn on data access on iCloud.com, which allows the web browser and Apple to have temporary access to data-specific encryption keys.
Before you enable Advanced Data Protection, you'll first have to update all your devices to the latest software versions, otherwise you'll have to remove these devices from your account as they won't support end-to-end encryption. Advanced Data Protection will be available globally on the iPhone, iPad, and Mac starting with iOS 16.3, iPadOS 16.3, and macOS 13.2, all of which are expected to be released in January 2023.
How to Enable Account Recovery on iPhone, iPad, and Mac
Before turning on Advanced Data Protection, you'll need to set up Account Recovery. This ensures you can recover your data if you forget your password.
- Open Settings on your iPhone or iPad (or System Settings on Mac), and then select your Apple ID banner at the top of the menu.
- Select iCloud.
- Select Advanced Data Protection.
- Select Account Recovery and follow the onscreen instructions to set it up.
During Account Recovery setup, you'll be able to select a recovery contact – a trusted person such as a family member or friend who also owns an Apple device. They will receive recovery codes if you ever forget your password.
You'll also have the option to set a 28-character recovery key, which you'll need to print out and keep somewhere safe, or store in a password manager.
How to Enable Advanced Data Protection on iPhone, iPad, and Mac
Once Account Recovery is set up, you can enable Advanced Data Protection for iCloud Backups.
- Open Settings on iPhone or iPad (System Settings on Mac) and then select your Apple ID banner at the top of the menu.
- Select iCloud.
- Select Advanced Data Protection.
- Toggle on the switch for Advanced Data Protection to turn it on.
That's it. Your iCloud backups are now protected with end-to-end encryption.
You can turn off Advanced Data Protection at any time. Upon doing so, your device will securely upload the required encryption keys to Apple servers, and your account will revert to a standard level of protection.