How to protect your iCloud data with Advanced Data Protection

iCloud is Apple’s cloud storage service that allows users to securely store data such as photos, documents, contacts, calendars, and more. With over 850 million paid subscribers as of 2022, iCloud has become an essential service for Apple device owners to keep their data safe and accessible across multiple devices.

However, as with any cloud service, there are risks associated with storing personal data in the cloud. Recent studies have shown an alarming rise in data breaches impacting cloud services. According to an Apple-commissioned study, over 2.6 billion records were compromised in data breaches in 2022 alone, marking a significant surge from previous years [1]. This highlights the growing need for users to take steps to secure their iCloud data.

In this article, we will explore how you can leverage Apple’s Advanced Data Protection features to add an extra layer of security to your iCloud data, protecting it from unauthorized access and malicious threats.

What is Advanced Data Protection?

Advanced Data Protection is a security feature introduced by Apple in iOS 16, iPadOS 16, and macOS Ventura that provides enhanced encryption for iCloud data (1). It allows users to protect their most sensitive iCloud data, including iCloud Backups, Notes, Photos, and more, with end-to-end encryption.

With end-to-end encryption, Apple no longer holds the encryption keys to decrypt user data. Instead, encryption keys are stored locally on the user’s trusted devices. Apple devices have a secure enclave chip that protects encryption keys.

This means that even in the event of a data breach in iCloud, the encrypted data would remain inaccessible to unauthorized parties. Only data stored on the user’s trusted devices can be decrypted with the user’s encryption keys (2).

Advanced Data Protection provides an extra layer of security and privacy for users’ most sensitive iCloud data. Users must opt in to enable the feature.

Enabling Advanced Data Protection

To enable Advanced Data Protection, open the Settings app on your iPhone or iPad and tap on your name at the top of the screen. Then tap on “iCloud” and scroll down to the Advanced Data Protection option. Tap on “Turn On Advanced Data Protection” to enable it.

On a Mac, open System Preferences and click on your Apple ID name at the top. Then click on “iCloud” in the sidebar and you’ll see the option to turn on Advanced Data Protection under Advanced settings. Toggle the switch on to enable it.

According to Apple’s support page, when you turn on Advanced Data Protection, iCloud automatically re-encrypts the data associated with your account using end-to-end encryption. This provides an additional layer of security for your sensitive iCloud data.

Protecting iCloud Backups

One of the key features of Advanced Data Protection is the ability to secure your iCloud backups. When enabled, Advanced Data Protection end-to-end encrypts iCloud backups from all of your Apple devices like iPhones, iPads, and Macs (Apple Support). This means the encryption keys are stored directly on your devices rather than with Apple.

To use Advanced Data Protection for backups, you need to turn it on for each device individually. On your iPhone, iPad, or Mac, go to Settings > Your Name > iCloud > Manage Storage > Backups and toggle on Advanced Data Protection. Now your backups from that device will be fully encrypted.

With end-to-end encrypted backups, the data can only be accessed on your trusted devices even in the unlikely event Apple’s servers are compromised. This provides an important additional layer of security for your sensitive information stored in iCloud like photos, messages, contacts, and more.

End-to-End Encrypted iCloud Data

With Advanced Data Protection enabled, certain types of sensitive iCloud data are protected using end-to-end encryption (see Apple’s iCloud data security overview). This means only you can access the contents of the encrypted data. Not even Apple has the keys to decrypt the data.

Currently, the following iCloud data categories can be secured with end-to-end encryption when Advanced Data Protection is turned on:

  • iCloud Backup
  • Photos
  • Notes
  • Reminders
  • Voice Memos
  • Safari Bookmarks
  • Siri Shortcuts
  • Wallet Passes

With end-to-end encryption, the encrypted data is unreadable during transmission and storage. The data is decrypted and accessible only on your devices, after you unlock them with your passcode or biometric authentication.

Other iCloud data types like Mail, Contacts, and Calendar are not end-to-end encrypted due to the need to interoperate with global systems. However, Apple states this iCloud data is still encrypted in transmission and on Apple servers (see Apple’s iCloud data security overview).

Two-Factor Authentication

Two-factor authentication provides an extra layer of security for your Apple ID by requiring two forms of authentication when signing in (SOURCE: https://support.apple.com/en-us/102660). This prevents unauthorized access to your account even if someone knows your password.

To set up two-factor authentication on an iPhone (SOURCE: https://support.apple.com/guide/iphone/use-two-factor-authentication-iphd709a3c46/ios):

  • Go to Settings > [your name] > Sign-In & Security.
  • Tap Turn On Two-Factor Authentication, then tap Continue.
  • Choose how you want to receive verification codes, such as via text message or authentication app.
  • Follow the onscreen instructions to complete the setup.

With two-factor authentication enabled, you’ll need to enter both your password and a verification code sent to your trusted device or phone number when signing in to Apple services.

Recovery Contacts

One of the key features of Advanced Data Protection is the ability to designate trusted friends or family as recovery contacts. These contacts can help you recover access to your account if you ever lose your trusted device or forget your password.

To add a recovery contact, open the Apple ID account page and navigate to the Password & Security section. Under Advanced Data Protection, you’ll see the option to Add Recovery Contact. You can designate up to 5 recovery contacts.

If you ever lose access to your account, you can ask your recovery contact to generate a recovery code. This recovery code can then be used to regain access to your account. Just make sure your recovery contacts are people you know and trust.

Adding recovery contacts provides an important safeguard to protect your data if you lose account access. As Apple notes, recovery contacts should be trusted individuals who can help you recover your account while protecting your privacy.

Security Recommendations

In addition to Advanced Data Protection, there are a few other steps you can take to further secure your iCloud account and data:

Use a strong and unique password for your Apple ID that you don’t use for any other accounts. Avoid common words, names, or dates and mix upper and lower case letters, numbers, and symbols. You can also enable two-factor authentication for an extra layer of security.

Be careful about where you sign in to your Apple ID and avoid entering it on unfamiliar or public devices. Only download apps from the official Apple App Store.

Review which apps have access to your iCloud data through the Apple ID account page and consider revoking access to any unfamiliar apps. You can also separate iCloud data between apps by turning on app-specific passwords.

Enable two-factor authentication and set up trusted phone numbers and recovery contacts in case you ever get locked out of your account. Keep your devices up to date and install the latest iOS and security patches.

Avoid clicking on suspicious links in emails, texts or websites to protect against phishing attempts targeting your Apple ID. Use Find My to remotely erase data if a device is ever lost or stolen.

Limitations of Advanced Data Protection

While Advanced Data Protection provides robust security for most iCloud data, there are some limitations to what it protects against (Apple – Advanced Data Protection for iCloud):

  • It does not encrypt all iCloud data. Data such as contacts, calendar events, and photos are not covered.
  • It does not prevent access to data on lost or stolen devices if they are unlocked.
  • Law enforcement can request access to iCloud data with a legal court order.
  • Apple can access iCloud data for troubleshooting issues.
  • If an unauthorized person gains access to your account credentials, they can still access unencrypted data.
  • Advanced Data Protection only protects data at rest on Apple’s servers. Data in transit could be intercepted.

While Advanced Data Protection provides robust encryption and security for sensitive iCloud data, it’s important to understand it doesn’t make your data totally inaccessible. Proper account security and device protections are still necessary.

Conclusion

Advanced Data Protection for iCloud provides users with additional safeguards to secure their personal data stored in iCloud. By enabling Advanced Data Protection, users can protect their iCloud data with end-to-end encryption, two-factor authentication, and recovery contacts.

The key steps to enable Advanced Data Protection are:

  • Enable two-factor authentication for your Apple ID.
  • Add one or more recovery contacts to your account.
  • Turn on Advanced Data Protection for eligible data categories like iCloud backups, notes, and photos.
  • Understand the limitations of Advanced Data Protection, like needing a recovery key to restore data if you lose access.

Following these steps allows your personal iCloud data to have enhanced security. While no system is completely foolproof, Advanced Data Protection provides users with more control over their data privacy.