Expanded iCloud Encryption Can't Be Enabled From New Apple Devices Right Away

by

Starting with iOS 16.2, iPadOS 16.2, and macOS 13.1, all of which are expected to be released next week, users have the option to enable a new Advanced Data Protection feature that expands end-to-end encryption to many additional areas of iCloud, including Messages backups, Photos, Notes, Reminders, Voice Memos, and more.

Apple advanced security Advanced Data Protection screen Feature Purple
To protect users, Apple does not allow Advanced Data Protection to be enabled from a brand new device for an unspecified period after the device was first set up and added to a user's Apple ID account. We have seen dates range from late January to early February for when users will be able to turn on the feature from a new device. This buffer helps to prevent a malicious actor from enabling the feature if a user is hacked.

Users can still enable Advanced Data Protection from an older device they added to the same Apple ID account, such as another iPhone, iPad, or Mac. In this case, all devices added to that Apple ID account are fully protected by the expanded end-to-end encryption for iCloud, including newer ones that are still in the waiting period.


Turning on Advanced Data Protection removes your encryption keys from Apple's servers for the iCloud categories protected by the feature, ensuring that your data remains secure even in the case of a data breach in the cloud. When the feature is enabled, the encryption keys are only stored on your trusted Apple devices, meaning that they cannot be accessed by Apple or others. The feature can be turned off at any time, at which point your devices will securely upload the encryption keys to Apple's servers again.

When Advanced Data Protection is enabled, access to your data via iCloud.com is disabled by default. Users can turn on data access on iCloud.com, which allows the web browser and Apple to have temporary access to data-specific encryption keys.

iCloud already protects 14 data categories using end-to-end encryption by default, without Advanced Data Protection enabled, including passwords stored in iCloud Keychain, Health data, Apple Maps search history, Apple Card transactions, and more. Apple has a support document with a chart detailing what is protected by standard levels of encryption and what is protected by Advanced Data Protection when enabled.

Advanced Data Protection is available for U.S. users only at launch and will start rolling out to the rest of the world in early 2023, according to Apple. For more details about the feature, read our coverage of Apple's announcement earlier this week.

Tags: Advanced Data Protection, iCloud
Related Forum: Apple Music, Apple Pay/Card, iCloud, Fitness+

Popular Stories

iPhone 16 Pro Sizes Feature

iPhone 16 Series Is Less Than Two Months Away: Everything We Know

Thursday July 25, 2024 5:43 am PDT by
Apple typically releases its new iPhone series around mid-September, which means we are about two months out from the launch of the iPhone 16. Like the iPhone 15 series, this year's lineup is expected to stick with four models – iPhone 16, iPhone 16 Plus, iPhone 16 Pro, and iPhone 16 Pro Max – although there are plenty of design differences and new features to take into account. To bring ...
Read Full Article130 comments
Apple Intelligence General Feature

Apple Intelligence Now Available in New iOS 18.1, iPadOS 18.1, and macOS Sequoia Developer Betas

Monday July 29, 2024 10:07 am PDT by
Apple is today providing developers with the first betas of iOS 18.1, iPadOS 18.1, and macOS Sequoia 15.1, with the new software introducing an early version of the Apple Intelligence features. These new betas will be in testing alongside the current iOS 18, iPadOS 18, and macOS Sequoia 15 betas. Developers can choose whether to opt into the new betas with Apple Intelligence, or stay on the ...
Read Full Article346 comments
Apple Intelligence General Feature

Report: Apple Intelligence Delayed to iOS 18.1 in October

Sunday July 28, 2024 11:52 am PDT by
Apple Intelligence will miss its initial expected launch date to give Apple more time to fix bugs, Bloomberg's Mark Gurman reports. According to individuals with knowledge about Apple's plans, the company now plans to start rolling out Apple Intelligence in software updates by October, arriving several weeks after the launch of iOS 18, iPadOS 18, and macOS Sequoia. This means that Apple...
Read Full Article236 comments
T Mobile Generic Feature Pink 1

T-Mobile Sued for Breaking Lifetime Price Guarantees

Friday July 26, 2024 2:44 pm PDT by
T-Mobile customers have filed a lawsuit [PDF] against the carrier, alleging that it failed to honor a guarantee not to raise the prices of select cellular plans. The lawsuit, first spotted by Wired, claims that back in 2017, T-Mobile advertised several of its plans with a price lock, but then went on to increase prices starting in May 2024. "T-Mobile ONE customers keep their price until...
Read Full Article121 comments

Top Rated Comments

Rigby Avatar
Rigby
22 months ago
Probably to prevent the scenario where an attacker somehow gains access to someone's account and then uses their own device (never registered to the victim's Apple ID) to enable advanced protection. This would permanently lock out the victim since Apple cannot help recover the data when advanced protection is enabled. The delay gives the victim enough time to change the password and remove the attacker's device from the account.
Score: 47 Votes (Like | Disagree)
now i see it Avatar
now i see it
22 months ago
Likely to save people from themselves. While encrypted iCloud is great - plenty of people are going to get royally burned by it when they forget stuff
Score: 25 Votes (Like | Disagree)
FreakinEurekan Avatar
FreakinEurekan
22 months ago
The FUD is strong in this thread.

* If you have a device that’s been active for a while, you can turn it on.
* If you turn it on, it’s on for ALL devices.
* The reason you can’t use a recently activated device, is so if someone compromises your account and signs in on a device, they can’t lock you out of your data.
Score: 24 Votes (Like | Disagree)
trip1ex Avatar
trip1ex
22 months ago
I just created a YouTube channel under a new gmail account and put all my photos and video on there where I know no one will view it.
Score: 17 Votes (Like | Disagree)
Mr. Heckles Avatar
Mr. Heckles
22 months ago

It sounds like the new users are under probation for a few months, then they are qualified for it. Is that seem odd to you?
From a new device. If you have another device on your iCloud account already, you can still turn it on. You just can’t turn it on from a recent added device.
Score: 10 Votes (Like | Disagree)
killawat Avatar
killawat
22 months ago

So if I have an iPhone 13, turn on "Advanced Data Protection" and encrypt my iCloud backups, and then next month, I buy a brand new iPhone 14 and copy my iPhone 13 over to it, does that mean my backups on the new iPhone 14 are now all of sudden unencrypted until I am allowed to turn on this feature again in two months?

This makes no sense.
No, advance data protection is account wide. If you're able to enable it on iPhone 13 it will also be on iPhone 14. But the waiting period still exists for new starts on new devices.
Score: 9 Votes (Like | Disagree)
Read All Comments