Ask any tech enthusiast why they prefer Apple’s ecosystem, and they will answer “security” as one of the key factors. Is Apple’s security fortress really unbreachable? No. There are plenty of hacking incidents to prove it. Zero-day vulnerabilities pop up from time to time, and against sophisticated spyware like Pegasus, even Apple has proved to be clueless.
What Apple offers is a higher standard of protection, which also explains why the company has kept piling up on its ecosystem gatekeeping. For example, Apple doesn’t allow sideloading and likely never will. It has its own set of tangible benefits. In 2022, Apple is further fortifying its security infrastructure with a trio of features.
First in line is an iMessage Contact Key Verification feature that will alert users if a third party is snooping on their chat. Next, we get support for physical security keys, which is arguably the safest commercially available option for users to keep their data safe. But the biggest change is coming to iCloud, which has continued to be a chink in Apple’s armor for a while now.
Apple is offering a system called Advanced Data Protection for iCloud that lets you opt-in towards an end-to-end iCloud backup system. The company says, “for users who enable Advanced Data Protection, the total number of data categories protected using end-to-end encryption rises to 23, including iCloud Backup, Notes, and Photos.”
Advanced Data Protection is currently rolling out to registered beta testers in the U.S., but it will be widely available by the end of this year. In “early 2023,” it will be available to users across the globe. On the software side, it will be seeded with the iOS 16.2, iPadOS 16.2, and macOS 13.1 updates.
Now, Apple’s security protections are divided across Standard and Advanced tiers. The former only offers pipeline and server-level encryption for your iCloud backup, iCloud Drive, Photos, Notes, Reminders, Voice Memos, Bookmarks, and Siri Shortcuts. The Advanced tier protects all of it behind end-to-end encryption.
That’s a huge upgrade from a privacy perspective, as photos, notes, and voice memos often contain the most sensitive kind of information. This is also the kind of information that has often been weaponized against dissenters, activists, and journalists, among other target groups.
Only you have access to your data when it is end-to-end encrypted. That’s because only you possess the decryption keys stored in a secure enclave on your device. For example, no one can access or decipher your chats happening over an end-to-end encryption service like iMessage or WhatsApp.
But when your data is merely protected behind a wall of encryption with no end-to-end protection, both the user and the company that owns the data –in this case, Apple — can view the data whenever they want.
Since iCloud backups are merely hidden behind a layer of one-side encryption, Apple has access to all of it. Aside from non-personally identifying data like device settings, iCloud backups occasionally also contain your images and texts. The infamous Pegasus could break in and steal data on the cloud.
Of course, Apple is not spying on its users, but it is still technically possible to see your chats and images. Moreover, if pressed, Apple has to hand over that data to law enforcement agencies. In the U.S., where privacy and data protection laws are stringent, a court order is needed to get that data.
Apple recently admitted that it helps agencies with the necessary data when there is a valid need, especially with the recent AirTags stalking fiasco that has now escalated into a class-action lawsuit.
However, the aforementioned legal safeguards are typically absent in less democratic countries, which means users’ iCloud backups are always at the mercy of a regime. There is no dearth of such arm-twisting tactics being deployed in Asia and the Middle East. Even law enforcement agencies in the U.S. have stopped Apple from encrypting cloud backups. According to a Reuters report, the FBI asked Apple to stop plans to encrypt iCloud backups in 2020 because it would hamper investigations.
So far, Apple has also avoided end-to-end encryption for iCloud backups on the justification that “what if users lose their passwords” and never get back access to valuable information. But this is Apple’s ecosystem we’re talking about here.
Apple recently revealed that its two-factor authentication system is being used by 95% of its device users. If that’s the level of safety awareness, why not let the user choose whether they want to enable end-to-end encryption for iCloud backups?
If users accept the risks, they won’t have to pick between convenience, security, privacy, and peace of mind. Thanks to Advanced Data Protection, Apple has finally solved the entire puzzle in one go.
Apple’s products have a high aspirational value, and they really stand out. But as a company, Apple is far from a messiah. Developers often complain about the arbitrary rejection of their apps, the double standards in applying policies, the unrelenting attitude at collecting a 30% revenue cut, and the dislike for unionization.
But when it comes to safety and security, Apple has set high standards — and the fans know it, too. Such is the trust and goodwill generated by Apple that in 2016, people gathered outside a store in San Francisco to support its strict attitude towards encryption, at a time when law enforcement agencies wanted broader backdoor access.
When was the last time that people willingly came out in support of a company, let alone a Big Tech brand? With an opt-in end-to-end encryption pipeline for a more diverse set of sensitive iCloud data, Apple has closed a huge vulnerability.
Not only are users protected from hackers, but they can also sleep easy knowing that Apple can’t be forced by an agency or regime to rat on you. Apple’s claims of offering a secure ecosystem have recently fallen on deaf ears, because of its alleged lopsided policies and monopolistic conduct.
Apple’s claims of a safe and secure ecosystem now have more teeth.
Investigations into Apple are in full throttle at home, and abroad. Apple’s latest iCloud move probably won’t stop that antitrust scrutiny, but at least Apple’s claims of a safe and secure ecosystem now have more teeth. It is going to win Apple a lot of new fans, and that’s a huge victory in itself.
Will law enforcement agencies challenge Apple’s latest move? Most likely. After all, authorities nabbed a Chinese spy using iCloud backups, as per a Bloomberg report. But in doing so, they would only make Apple look like a messiah for user privacy and security — more so than it ever was.