Apple Removes Advanced Data Protection – What It Means for You.
Apple has garnered significant attention by discontinuing its most sophisticated data security feature for customers in the United Kingdom.
The company is withdrawing Advanced Data Protection (ADP) following a request from the Home Office, which sought the authority to access data protected by this tool—an ability that even Apple itself does not possess at present.
Instead of acquiescing to this demand, the technology giant announced on Friday that it would cease new registrations for the tool in the UK and will eventually revoke access for existing users.
This decision has sparked criticism regarding the actions of the UK government, as well as confusion concerning the remaining protections available to Apple customers in the UK.
What is Apple's Advanced Data Protection?
ADP is a voluntary data security solution aimed at enhancing the protection of data stored in iCloud accounts for users of devices such as iPhones.
Default encryption is applied to various items, including backups, photos, notes, and voice memos.
In certain circumstances, law enforcement may compel the company to surrender this data.
In contrast, ADP introduces an additional layer of security through end-to-end encryption, ensuring that Apple cannot view or access the data; only the user retains access.
RELATED: Apple to Invest $500B in U.S. Expansion, Including AI Server Facility in Texas.
Since Apple does not possess a decryption key, losing access to one's account could result in permanent data loss.
This also implies that law enforcement agencies are unable to retrieve such data.
It is important to note that this tool operates independently of the existing protections for blue messages sent via iMessage, passwords saved in iCloud Keychain, Health app information, and FaceTime, all of which are inherently end-to-end encrypted.
What does this mean for my iCloud data?
If you are located in the UK and have not activated Advanced Data Protection (ADP), there will be no alteration in the manner in which your data is safeguarded due to Apple's decision to disable this feature.
Your iCloud data will continue to be secured by standard encryption and, as previously, remains accessible to Apple.
However, this change means that you can no longer opt for end-to-end encryption for your iCloud storage, even if you wish to do so.
Additionally, individuals in the UK who had ADP enabled before the recent change will eventually lose access to this feature at a later date, as indicated by external sources.
Apple has not provided information regarding the timeline or the number of UK users who will be impacted.
Concerns have been expressed by several experts regarding the removal of certain protections, indicating that it may result in diminished user security and potentially broader global implications.
Graeme Stewart from the cybersecurity firm Check Point noted that this does not imply an unrestricted environment, as law enforcement agencies are still required to obtain a warrant to access iCloud data.
However, he cautioned that other nations might seek to emulate the UK's request to Apple for a so-called "backdoor" into encrypted cloud data.
Cybersecurity professionals have compared the concept of establishing a backdoor to leaving one's house keys under a doormat, effectively creating a vulnerability that could be exploited by anyone, including malicious actors.
The Electronic Frontier Foundation, a digital rights organization, stated that if Apple had acquiesced to the request, it would have established a backdoor not only for users in the UK but for individuals globally, irrespective of their location or citizenship.
In a statement to the BBC, Apple asserted that it has "never built a backdoor or master key to any of our products, and we never will."
What protections do Google and Android offer?
Similar to Apple, Google asserts that it employs standard encryption across various services to safeguard data as it transfers between users' devices, its services, and data centers.
The technology giant, which owns the Android operating system, has enhanced protections for Android phone system backups since 2018.
It utilizes a system that creates a random security key on the device, which is then encrypted using the user's lock-screen passcode, pattern, or PIN.
Google claims that it cannot access this security key, and the passcode-protected data is transmitted securely to high-security chips located in its data centers.
However, these protections do not apply to Google Photos or content stored in Google Drive, which are not end-to-end encrypted.
Additionally, Google offers an Advanced Protection Program for individuals seeking enhanced security for their accounts.
This program relies on the use of passkeys to authenticate the account holder.
Certain Samsung Galaxy smartphones feature "enhanced data protection," which provides encryption for backups of messages, call logs, applications, settings, and additional data, ensuring comprehensive end-to-end security.
RELATED: TikTok Returns to Apple and Google App Stores in the US.
Apple's decision to withdraw Advanced Data Protection in the UK raises significant concerns about the future of user privacy and data security. While the company claims to prioritize privacy, this move could create a dangerous precedent, potentially opening the door for more governments to demand similar access to encrypted data.
Without end-to-end encryption on iCloud, users may face increased risks of data breaches or surveillance. This shift also diminishes the level of control users have over their own information, leaving them vulnerable to both government access and potential malicious attacks, ultimately undermining the security Apple once promised.
