In addition to expanding end-to-end encryption to many additional iCloud data categories on an optional basis, Apple today also announced two other new security features designed to protect against threats to user data in the cloud.
Apple says the new iMessage Contact Key Verification and Security Keys for Apple ID features will be available globally on the iPhone and other devices in 2023.
iMessage Contact Key Verification allows users who face "extraordinary digital threats," such as journalists, human rights activists, and government officials, to further verify that they are messaging only with the people they intend. In conversations between users who have enabled iMessage Contact Key Verification, users are alerted if a state-sponsored attacker or other malicious actor were ever to succeed breaching cloud servers and inserting their own device to eavesdrop on the conversation.
As an additional layer of security, iMessage Contact Key Verification users can compare a Contact Verification Code in person, on FaceTime, or through another secure call to further verify they are communicating only with whom they intend.
Second, Security Keys for Apple ID will give users the choice to use third-party physical security keys to further protect their account. For users who enable this feature, Security Keys strengthens Apple's two-factor authentication by requiring a hardware security key as one of the two factors instead of an authentication code.
"Our security teams work tirelessly to keep users' data safe, and with iMessage Contact Key Verification, Security Keys, and Advanced Data Protection for iCloud, users will have three powerful new tools to further protect their most sensitive data and communications," said Apple's software engineering chief Craig Federighi.
