Apple is adding end-to-end encryption to iCloud backups, which join the expanded list of iCloud data and content categories covered by that encryption layer. At the same time, Apple is enabling iMessage Contact Key Verification for conversation privacy and allowing users to secure their iCloud accounts with hardware security keys. The three new layers of privacy are rolling out with iOS 16.2 for the iPhone, iPadOS 16.2, and macOS 13.1, all three expected in the coming days.
This is because Apple has been shelving its child sexual abuse material (CSAM) scanning technology, for which it has faced criticism since it first detailed its cloud photo scanning proposal last year. Privacy and security researchers had raised concerns that the technology could be used to access sensitive information on a user’s device.
Apple has decided instead that the alternative to potentially invasive photo scanning may be the broader encryption that now includes Photos. “Child sexual abuse can be prevented before it occurs. That’s what we put our energy into,” the Wall Street Journal quotes Craig Federighi, Apple’s senior vice president of software engineering, as saying.
It was December last year when Apple rolled out the “Communication Safety” feature for Messages. This, part of the Screen Time parental control software, enabled the “Check for sensitive photos” option for parents to alert their children (those accounts must be linked as “child” to the parent’s iCloud account) when they have received or are trying to send photos that contain nudity. One of the options is “Messages to an adult.”
Encryption puts iCloud on par with cloud storage competitors
To enable extended iCloud encryption, users must turn on Advanced Data Protection in the iCloud settings on an Apple device. As it looks in pre-release, this is optional, at least for now. If you choose to enable the extended encryption, it now covers device backups, photos, iCloud Drive, messages backup (if you have that enabled), notes, Safari bookmarks, reminders, Siri shortcuts, wallet cards and voice memos.
What changes for you is how the encrypted data can be accessed in case you need to restore the data on an existing Apple device (such a scenario could be a device reset) or on a new Apple device.
Once Advanced Data Protection is enabled for your account, Apple no longer has the encryption keys to recover the data. You will need a device passcode or password, a recovery contact, or a personal recovery key (this leads us to include hardware security keys as an authentication method).
This is why the setup process walks you through configuring at least one recovery contact or recovery key before enabling Advanced Data Protection.
Beyond backups, the inclusion of iCloud Drive in the new encryption envelope means that your files, documents, media and other data stored there will now have the same level of encryption as some of Apple’s biggest competitors in the cloud storage space. These include Google Drive, Dropbox, and Proton Drive.
Proton Drive even released apps for Android and iOS earlier this week. While the free basic storage tier offers less space (1 GB compared to iCloud’s 5 GB), the price of the 200 GB tier is comparable. Apple doesn’t have a 500 GB option (the next best choice for iCloud is 2 TB), which Proton Drive does offer, and that could translate into a better balance for more users.
iOS 16.2 beta users already have access to the encryption, which now covers 23 categories (compared to 14 previously). With the final rollout of iOS 16.2 in the coming days, users in the US will be able to set it up first, while the rest of the world will get the option in early 2023.
2FA now also gets hardware security keys
Apple is extending the scope of its two-factor authentication system to include physical hardware keys. This means users can use keys, such as YubiKeys (now that it’s on the menu, expect many more options configured for Apple to hit the market soon), to confirm that they are the authenticated user of an Apple device.
There are two ways to use a security key to authenticate a user. Depending on the key itself, you’ll need to either plug it into an Apple device like an iPhone (the complication of Lightning and USB-C might be something to deal with), or use Near Field Communication (NFC) with the iPhone.
“This feature is designed for users who, often because of their public profile, face collective threats to their online accounts, such as celebrities, journalists and members of the government,” Apple said in a statement. The option to enable Apple ID security keys will be available worldwide in early 2023.
Apple confirms that more than 95 percent of all iCloud accounts have some level of two-factor authentication enabled, using verification codes and distinguishing between trusted and untrusted devices.
Your messages, for your eyes only
Apple is adding a new security tool to iMessage, or Messages, to alert users if someone has tried to access communications on an unrecognized device. This alert will be forwarded in case of forced attempts to breach the cloud servers (enabling the advanced data protection should make this even more difficult) or a device forcibly added to the chain to access messages.
When an alert sounds, both original parties in the conversation are alerted to a potential breach. This comes after iMessage was recently targeted by sophisticated spyware, such as Pegasus. Now iMessage will immediately alert both parties if the device keys are different, or change with an unrecognized or new device in the mix.
“Conversations between users who have iMessage Contact Key Verification enabled will receive automatic alerts should an exceptionally sophisticated adversary, such as a state-sponsored attacker, ever manage to breach cloud servers and enter their own device to complete this encrypted communication. listen,” Apple said in the statement.
Apple has confirmed that iMessage Contact Key Verification will be available globally in 2023.