Apple's Data Encryption Changes in the UK Explained

Apple on February 21 withdrew its Advanced Data Protection feature from the United Kingdom following government demands for backdoor access to encrypted user data. The move came after UK officials reportedly ordered Apple in secret to provide unrestricted access to encrypted iCloud not just in the UK, but worldwide.

The development has naturally left some Apple device users in the UK asking questions about the security of their data and whether their digital privacy has been affected. Keep reading to learn the answers.

What is Advanced Data Protection?

Advanced Data Protection (ADP) was introduced in 2022, and is Apple's highest level of cloud data security. It is an opt-in feature that expands the number of iCloud data categories protected by end-to-end encryption – a security measure where data is encrypted in such a way that only the user can access it on their trusted devices, and no one else, not even Apple, can decrypt it.

We don't know how many people use ADP (Apple has never released figures) but it is likely that most casual Apple device users have not enabled the feature, either because they don't know it exists or they have old Apple devices that are running older software, making them incompatible with ADP. (ADP requires updated software on all of the devices linked to an Apple Account.)

Without ADP enabled, many iCloud data categories use standard encryption. This means categories like iCloud Mail, Contacts, and Calendars are always encrypted regardless of whether ADP is enabled. The difference is that Apple also holds the encryption keys for these categories and can access the data if legally compelled to do so.

ADP removes this possibility, since the encryption keys exist only on users' trusted devices. In other words, with ADP enabled, even if Apple receives a court order to provide user data, the company technically cannot access it. End-to-end encryption essentially creates a mathematical lock that not even Apple can break.

This difference is in how the encryption keys are stored:

Unlike standard encryption, ADP applies end-to-end encryption to additional iCloud data categories including:

• iCloud Backup (including device and Messages backup)
• iCloud Drive
• Photos
• Notes
• Reminders
• Safari Bookmarks
• Siri Shortcuts
• Voice Memos
• Wallet passes
• Freeform

Who Is Affected by Apple's Decision?

Apple's move affects two groups of UK users:

• New users: As of February 21, UK users can no longer enable Advanced Data Protection on their accounts. When attempting to activate ADP, they'll see a notice stating "Apple can no longer offer Advanced Data Protection in the United Kingdom to new users."
• Existing users: Those who already had ADP enabled will need to manually disable it during an unspecified grace period to maintain their iCloud accounts. Apple has stated it "does not have the ability to automatically disable it on their behalf" and will provide additional guidance to affected users in the future.

Which iCloud Features Remain Protected?

It's important to understand that not all iCloud security is affected by this change. Several Apple services remain end-to-end encrypted by default in the UK, including:

• Messages in iCloud*
• iMessage communications
• FaceTime calls
• Passwords and Keychain
• Health app data
• Journal data
• Home data
• Payment information and Apple Pay transactions
• Maps
• QuickType Keyboard learnt vocabulary
• Safari (History, Tab Groups, and iCloud Tabs)
• Screen Time
• W1 and H1 Bluetooth keys
• Wi-Fi passwords
• Siri information
• Memoji

* Messages in iCloud is end-to-end encrypted when iCloud Backup is disabled. When iCloud Backup is enabled, backups include a copy of the Messages in iCloud encryption key to help users recover their data.

Why Did Apple Make This Decision?

The UK government issued a "technical capability notice" under the Investigatory Powers Act (IPA), demanding that Apple create a backdoor allowing British security officials to access encrypted user data globally. This order was made secretly because the IPA makes it illegal for companies to disclose the existence of such government demands.

The order would have required Apple to create a backdoor to its end-to-end encryption system, granting UK officials access to user data worldwide, not just within the UK. Worse, Apple would have been legally bound to keep this capability secret, preventing users from knowing about its existence – which would be basically lying to them about the security of their data.

Cybersecurity experts have consistently warned that creating any backdoor to encrypted content weakens security, not just targeted individuals, but for everyone. They often use the analogy of leaving house keys under a doormat – it creates a vulnerability that can be exploited by anyone who discovers it.

Rather than comply with the UK government's demand, which would compromise security worldwide, Apple chose to withdraw the feature from the UK market entirely.

In a statement accompanying the withdrawal of ADP, Apple said that it "remains committed to offering our users the highest level of security for their personal data and are hopeful that we will be able to do so in the future in the United Kingdom."

Note: Due to the political or social nature of the discussion regarding this topic, the discussion thread is located in our Political News forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.