Apple has long used end-to-end encryption for some of the information on your iPhone, like passwords or health data, but the company neglected to offer a way to better protect other crucial data, including iCloud backups, until recently. This came after years of a hard fought battle pushing Apple to encrypt backups and drop its plans for client-side scanning. With Advanced Data Protection, that additional security is now an option, but you have to turn it on yourself. This is a big win for user privacy, and sets a new bar for the safety of cloud device backups.
Apple introduced Advanced Data Protection in the United States in December 2022, and released it globally in January 2023. (No list of countries is currently available, but Apple confirmed to EFF that it’s available globally). The idea is simple: you can now enable end-to-end encryption of data that was previously only encrypted in transit and on Apple’s servers, meaning that Apple itself could access the data. In other words, you can now control the encryption keys and Apple will not be able to access any of this data. It also means Apple will not be able to help you regain access to most information on your account. The full list of data categories is available on Apple’s site, but the most notable include the iCloud backup (which includes the backup of Messages), iCloud Drive, photos, notes, reminders, and more.
EFF first called for Apple to enable encrypted backups back in 2019 because, while some of the data in iCloud is end-to-end encrypted, backups were not, and that meant a lot of different categories of data were vulnerable to government requests, third-party hacking, and disclosure by Apple employees. This was often a cause for confusion with Messages, where the messages were end-to-end encrypted, but the backups were not. The potential for privacy issues were complicated fu
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: