Apple is expanding end-to-end encryption to include iCloud backups

8 Dec 2022

Image: © hit1912/Stock.adobe.com

End-to-end encryption for iCloud backups has been demanded by privacy advocacy groups in the past, but could cause tensions with law enforcement groups.

Apple plans to add end-to-end encryption to iCloud backups to protect user data from hackers.

The new feature is part of a batch of security updates the company announced yesterday (7 December), with a focus on cloud protection.

The company said iCloud already protects 14 data categories – such as passwords and health information – with end-to-end encryption. The new advanced data protection feature brings the number of protected datasets to 23, including iCloud backups, Notes and Photos.

Apple said the only data categories that are not covered are iCloud Mail, Contacts and Calendar, as these features need to “interoperate with the global email, contacts and calendar systems”.

The new feature is likely to be praised by data privacy advocates, as groups such as the Electronic Frontier Foundation have been calling for this protection for some time.

The end-to-end encryption could also spark tensions with law enforcement groups, as the data would also not be accessible to law enforcement even with a warrant, The Wall Street Journal reports.

In 2020, Apple reportedly had plans to implement a similar security update for iCloud backups but stopped after complaints from the FBI, six sources told Reuters.

In an interview with The Wall Street Journal, Apple senior VP of software engineering Craig Federighi denied this claim, saying he heard the rumour but “did not know where it came from”.

Apple is also introducing a new iMessage contact key verification feature, to help users ensure they are messaging “only with the people they intend”.

The company said this feature will be useful for those who may be targeted by highly sophisticated cyberattacks such as journalists, human rights activists and government officials.

In 2021, a now patched vulnerability on Apple devices – dubbed ForcedEntry – was used by spyware company NSO Group to infect the phone of a Saudi Arabian human rights activists with Pegasus spyware, according to a discovery by CitizenLab.

Federighi said the new security features will help users “further protect their most sensitive data and communications”.

“At Apple, we are unwavering in our commitment to provide our users with the best data security in the world,” Federighi said. “We constantly identify and mitigate emerging threats to their personal data on device and in the cloud.”

Apple said the advanced data protection will be available to US users by the end of the year and will start rolling out internationally in early 2023. The other security updates will also be available globally next year.

10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.

Leigh Mc Gowran is a journalist with Silicon Republic

editorial@siliconrepublic.com