Apple Beefs Up Security for iCloud, iMessage
One of the new features would prevent law enforcement from accessing more of users' cloud-based data.
Apple's iCloud is about to get more secure.
Apple on Wednesday announced plans to significantly boost its encryption and other security features, further screening its users' data from the eyes of both cybercriminals and law enforcement.
Most notably, the company said it would let users add end-to-end encryption to their iCloud accounts to ensure that data will be decrypted only on their own trusted devices. Data such as passwords and health info are already encrypted, but the new Advanced Data Protection feature also covers iCloud backups, notes and photos, Apple said.
Securing the cloud has become increasingly important in recent years as a growing number of both consumers and businesses have opted to move their data there, rather than store it on local hardware, making the cloud an enticing target.
How Advanced Data Protection will look on the iPhone.
If users opt in to Advanced Data Protection, their data will be further protected against possible cloud data breaches, but also from government or law enforcement officials. In the past, Apple has handed over iCloud data to officials armed with court orders, riling privacy advocates, but the new feature would prevent that, because only the user would have the encryption keys needed to unlock the data.
On the flip side, because Apple won't have control of the encryption keys and access to user data, it'll be up to users, rather than Apple, to recover their data if they lose access to their account. As a result, Apple said, it's requiring users who opt in to the feature to set up at least one alternative recovery method that they can use to recover their iCloud data if they lose access to their account.
That could be one or more people users designate as recovery contacts, or a recovery key, which is an extremely long passcode that can be printed out and stored somewhere safe. If those recovery methods fail, Apple said, it won't be able to help people recover their data.
Also on Wednesday, Apple rolled out security improvements for iMessage. The new contact key verification feature verifies who a person is texting by sending alerts when an unrecognized device is added to the other user's account. This could happen, for example, if someone hacks into an iPhone and is able to eavesdrop on the communications.
An example of an iMessage Contact Verification alert.
Apple also announced increased support for physical security keys. These are devices that can use NFC technology or be plugged in to devices in order to verify a user. This feature will be available for those who want an added layer of protection requiring a security key to sign in to an Apple ID.
What users will see if they choose to make use of a security key.
Apple and its data privacy practices have run afoul of government and law enforcement officials in the past, as the company worked to be seen as a champion of security and privacy in a tech industry consumed with vacuuming up consumer data.
The company won plaudits for pushing back against the FBI, which wanted Apple to crack the iPhone 5C of a terrorist who killed 14 people in 2015. At the time, Apple said it had no sympathy for terrorists and respected the FBI, but that the bureau's request that the company circumvent several key security features went beyond the case at hand and would create the potential for bad actors to crack into anyone's iPhone in the future.
Apple used that steadfast position on privacy to flick its competitors. The company ran a billboard before the 2019 Consumer Electronics Show reading: "What happens on your iPhone, stays on your iPhone." More recent TV commercials have highlighted the data collection practices of other big tech companies.
That said, Apple doesn't have a perfect track record when it comes to consumer privacy. Last year, it announced a new feature that would've scanned its devices for images of child exploitation, but it put the breaks on the idea after privacy and security experts charged that the move was tantamount to creating a back door that could be exploited by governments intent on curbing free expression.
On Wednesday, Apple confirmed to The Wall Street Journal that it had shelved the idea for good.
Advanced Data Protection is available Wednesday as part of the Apple beta software program, and it'll roll out to all US users by the end of the year and then globally in early 2023. Security keys will be available in early 2023, and iMessage contact key verification will come sometime in 2023.