If you’re an iPhone user, this iCloud setting is a must for your privacy and security!
Apple offers "Advanced Data Protection for iCloud," which is end-to-end encryption of the contents of your iCloud. You should absolutely turn this on if you use Apple products and iCloud!
I first posted about this topic in March 2023, when Apple launched this feature. It remains the single most important reason to choose iOS and Apple products over Google products if you want to maximize your privacy and security.
If you use Apple products and iCloud, you should turn this feature on now. If you use Google, you should consider switching to Apple for privacy and security reasons.
With E2E encryption turned on for iCloud, your photos, drive files, emails, and messages are E2E encrypted. This means that nobody except someone with access to your account can view their contents: Apple (and any Apple employee) can't see them, and Apple can't turn your files over to any 3rd parties. Google does not offer a similar capability.
Why does this matter?
For most online services (including Google and Apple's iCloud), the data you sync to the cloud is encrypted, but the service provider keeps the encryption keys. That means these companies can decrypt and look at your data, and their terms of service (ToS) give them the authority to do so.
For example, Google's ToS indicates that it may access your data to protect against security threats, abuse, and illegal activity (reference here), or for legal reasons, including complying with legal process or governmental requests (reference here). Apple has similar language in its ToS (reference here). Note: I'm not arguing that this is inappropriate, but I think it's important that people understand it exists. It is also standard practice for any United States-based technology company.
This also means that there are employees at these companies who have access to your data, and if they abuse that access, there is nothing you can do about it. For example, from 2018 to 2020, Google fired 80 employees for abusing user data (article).
If your data is E2E encrypted, only the user (you) maintains the encryption keys, and no 3rd party (like Google or Apple) can access your data.
Apple’s Advanced Data Protection for iCloud
With Apple’s “Advanced Data Protection for iCloud,” 23 categories of data are E2E encrypted (meaning only you can decrypt them — not Apple). They have a great chart showing these categories here, but the most important data that is E2E encrypted is:
Photos
iCloud Backup (this includes device backups)
Drive (files)
Notes
Messages
Home Data
Siri Data
Safari
But you have to turn it on! This encryption is not enabled by default.
What does all this mean?
If you enable Apple’s Advanced Data Protection for iCloud, most of your sensitive data will be E2E Encrypted and only accessible by you (and not by 3rd parties).
Disclaimer: There is a risk that if you lose your decryption keys, you will lose access to the data. As long as you keep control of your recovery options, this is a very low risk.
From Apple’s help page:
Before you turn on Advanced Data Protection, you’ll be guided to set up at least one alternative recovery method: a recovery contact or a recovery key. With Advanced Data Protection enabled, Apple doesn't have the encryption keys needed to help you recover your end-to-end encrypted data. If you ever lose access to your account, you’ll need to use one of your account recovery methods — your device passcode or password, your recovery contact, or recovery key — to recover your iCloud data.
Note: you can store your recovery key in your password manager. Use my password manager recommendation, Enpass, and learn more in this post.
How can you turn this on?
Apple’s Help Page for turning on Advanced Data Protection for iCloud is here as a reference.
“You can turn on Advanced Data Protection on an iPhone with iOS 16.2, iPad with iPadOS 16.2, or a Mac with macOS 13.1. Turning on Advanced Data Protection on one device enables it for your entire account and all your compatible devices.”
On an iPhone or iPad
Open the Settings app.
Tap your name, then tap iCloud.
Scroll down, tap Advanced Data Protection, then tap Turn on Advanced Data Protection.
Follow the onscreen instructions to review your recovery methods and enable Advanced Data Protection.
On a Mac
Choose Apple menu > System Settings.
Click your name, then click iCloud.
Click Advanced Data Protection, then click Turn On.
Follow the onscreen instructions to review your recovery methods and enable Advanced Data Protection.
My recommendation
Turn on Advanced Data Protection if you have an iPhone or Mac and use iCloud. This ensures that only you can access your most sensitive data and protects that data from 3rd parties and rogue employees.
If you don’t use Apple products or iCloud, you should consider switching from Google/Android, particularly for your sensitive information.
Stay Safe!
Tate
If you can avoid it, decline all “cloud” services. The TOS for every cloud service, without exception, gives the service ownership of your stored data. Pictures, files, music, emails, whatever. You have no guarantee you will be able to retrieve your data in the format and quality in which it was saved. In the case of Photos, your downloads will typically be of a lower resolution than those you uploaded. Take the $$$ you’d otherwise spend for a year of cloud storage services and buy yourself a quality name-brand 4 or 5 TB SSD.
Excellent advice. Recovery keys and info can be kept in a Password Manager app with strong encryption, such as 1Password.