NPR Yesterday wrote a story on the efforts of tech companies to protect consumer data, which included an extensive chart on how companies measure up when it comes to encryption.

While Apple was found to be encrypting iMessage end-to-end, as well as email from customers to iCloud, it was found to be one of the few global email providers based in the U.S. that does not encrypt customer email in transit between providers. That means emails that are sent from iCloud to iCloud are encrypted, but emails sent from iCloud to other providers, such as Gmail, are not encrypted.

Following the post, however, Apple told NPR that it is planning to encrypt those emails in the near future.

Apple encrypts e-mail from its customers to iCloud. However, Apple is one of the few global email providers based in the U.S. that is not encrypting any of its customers' email in transit between providers. After we published, the company told us this would soon change. This affects users of me.com and mac.com email addresses.

As noted by 9to5Mac, Apple's response to NPR mentions only Me.com and Mac.com without a mention of the newer iCloud.com email addresses, but Google's data protection transparency website suggests that outbound iCloud.com emails are not encrypted, so it is likely Apple's plans include changes to the iCloud.com domain as well.

icloudencryption
As noted by NPR, end-to-end encryption of emails sent back and forth between service providers requires cooperation between providers. Both email services involved (such as Apple and Google or Apple and Yahoo) must implement encryption, which means Apple will need to work with other email providers for true end-to-end encryption of iCloud.com email.

NPR's study also noted that many app installations and iOS updates are sent unencrypted to iPhones, as are configuration files sent from telecom companies, and pre-login browsing/shopping traffic from the Apple Store.

Top Rated Comments

iLoveiTunes Avatar
142 months ago
kudos... iCloud is pretty much my primary off-work email these days. Stopped using gmail a while back
Score: 7 Votes (Like | Disagree)
chirpie Avatar
142 months ago
Kudos to NPR, that entire series was a good listen.
Score: 5 Votes (Like | Disagree)
DryHeave Avatar
142 months ago
The NSA has complete access to information anyway, and can easily decrypt it no sweat.
Well that depends what method of encryption you're using. If you're using a one-time-pad xor method with truly random pad data, then unless an attacker has read-access to your one-time pad or you screw up and accidentally use the pad twice, nobody else is going to have even the remotest possible chance of decrypting it — no cryptologist, white hat, black hat, nor NSA, nor aliens, nor even the most advanced computer in the universe running for quadrillions of years, nor even God.

Ok, maybe God. But that's about it. Maybe Q.
Score: 4 Votes (Like | Disagree)
coolfactor Avatar
142 months ago
This article is quite misleading. There's two ways to protect emails in transit:

Method #1 - Encrypt the pipe that the email message travels through. This is basically the whole SSL/TLS discussion that has been in the news lately.

Method #2 - Encrypt the contents of the email message itself. This would allow the encrypted message to pass through non-encrypted pipes and still be safe. But this method is far more complicated, as it requires a certificate+handshake between the sending email client and the receiving email client.

It sounds like Apple will be ensuring that when it connects to another mail server, it will try to use an encrypted pipe, if the other server supports that whereas right now, it doesn't make that effort. That would make sense. The messages themselves won't be magically encrypted as per Method #2. That's up to the end-user to implement.
Score: 4 Votes (Like | Disagree)
2984839 Avatar
142 months ago
Yeah, it would be nice to have *real* encryption so even Apple cannot decrypt our messages and give them to the government.

If Apple is encrypting them with Apple's keys, this has no effect on the government because Apple can simply be ordered to hand them over, just like Lavabit was.

Apple really needs to have customers generate their own keys locally and only pass encrypted data through Apple servers to address the NSL issue. If Apple doesn't hold the keys, they can't surrender them if served with an NSL.
Score: 2 Votes (Like | Disagree)
Westside guy Avatar
142 months ago
Good grief! They don't already do that? :eek:
Google only recently started doing this. Same thing with encryption of data between their own different server farms - twelve months ago they weren't encrypting that, either.

Then Snowden/Greenwald released a talk slide from the NSA showing that tapping those messages between server farms was one of the ways they were intercepting (specifically) Google data. That slide was shown to a pair of Google engineers, who then reportedly responded "oh (expletive)".

Google does deserve credit for moving on this quickly - but all of these companies have been playing catch-up. And really this only addresses spying by national entities. This almost certainly isn't how criminals get hold of people's mail.
Score: 2 Votes (Like | Disagree)

Popular Stories

iPhone 17 Pro Blue Feature Tighter Crop

iPhone 17 Pro Launching Later This Year With These 13 New Features

Wednesday April 23, 2025 8:31 am PDT by
While the iPhone 17 Pro and iPhone 17 Pro Max are not expected to launch until September, there are already plenty of rumors about the devices. Below, we recap key changes rumored for the iPhone 17 Pro models as of April 2025: Aluminum frame: iPhone 17 Pro models are rumored to have an aluminum frame, whereas the iPhone 15 Pro and iPhone 16 Pro models have a titanium frame, and the iPhone ...
iphone 17 dummies sonny dickson

iPhone 17 Air Almost as Thin as Its Buttons, New Images Show

Thursday April 24, 2025 2:14 am PDT by
If you missed the video showing dummy models of Apple's all-new super thin iPhone 17 Air that's expected later this year, Sonny Dickson this morning shared some further images of the device in close alignment with the other dummy models in the iPhone 17 lineup, indicating just how thin it is likely to be in comparison. The iPhone 17 Air is expected to be around 5.5mm thick – with a thicker ...
iPhone 17 Air Pastel Feature

iPhone 17 Air Launching Later This Year With These 16 New Features

Thursday April 24, 2025 8:24 am PDT by
While the so-called "iPhone 17 Air" is not expected to launch until September, there are already plenty of rumors about the ultra-thin device. Overall, the iPhone 17 Air sounds like a mixed bag. While the device is expected to have an impressively thin and light design, rumors indicate it will have some compromises compared to iPhone 17 Pro models, including only a single rear camera, a...
AirPods Pro 3 Mock Feature

AirPods Pro 3 Just Months Away – Here's What We Know

Friday April 18, 2025 5:16 am PDT by
Despite being more than two years old, Apple's AirPods Pro 2 still dominate the premium wireless‑earbud space, thanks to a potent mix of top‑tier audio, class‑leading noise cancellation, and Apple's habit of delivering major new features through software updates. With AirPods Pro 3 widely expected to arrive in 2025, prospective buyers now face a familiar dilemma: snap up the proven...
iphone 17 air dummy unbox therapy

iPhone 17 Air's Extreme Thinness Demoed in New Video

Tuesday April 22, 2025 10:22 am PDT by
Apple plans to release an all-new super thin iPhone this year, debuting it alongside the iPhone 17, iPhone 17 Pro, and iPhone 17 Pro Max. We've seen pictures of dummy models, cases, and renders with the design, but Lewis Hilsenteger of Unbox Therapy today showed off newer dummy models that give us a better idea of just how thin the "iPhone 17 Air" will be. The iPhone 17 Air is expected to be ...
Global Close Your Rings Day Pin

Apple Stores Giving Away a Limited-Edition Pin For Free Today

Thursday April 24, 2025 10:15 am PDT by
Starting today, April 24, Apple Stores around the world are giving away a special pin for free to customers who request one, while supplies last. Photo Credit: Filip Chudzinski The enamel pin's design is inspired by the Global Close Your Rings Day award in the Activity app, which Apple Watch users can receive by closing all three Activity rings today. The limited-edition pin is the physical...
Apple Logo Spotlight Blue

White House Hits Back at Apple's Massive EU Fine

Thursday April 24, 2025 5:57 am PDT by
Apple's $570 million fine from the EU has triggered a sharp rebuke from the White House, which called the fine a form of economic extortion, Reuters reports. The fine was announced on Wednesday by the European Commission, following a formal investigation into Apple's compliance with the bloc's Digital Markets Act (DMA), a landmark piece of legislation aimed at curbing the market dominance of ...
ipad air magic keyboard feature

iPadOS 19 Rumored to Show Mac-Like Menu Bar When Connected to Magic Keyboard

Thursday April 24, 2025 12:09 pm PDT by
When an iPad running iPadOS 19 is connected to a Magic Keyboard, a macOS-like menu bar will appear on the screen, according to the leaker Majin Bu. This change would further blur the lines between the iPad and the Mac. Bloomberg's Mark Gurman previously claimed that iPadOS 19 will be "more like macOS," with unspecified improvements to productivity, multitasking, and app window management,...