Apple brings end-to-end encryption to nearly every iCloud service, including backups
With our ever-increasing dependence on online services, security and privacy are a top priority, and Apple has implemented several features in its devices to maintain security. Apple’s efforts continue with Wednesday’s announcement of three new security features to protect users online.
Apple’s new features are:
- iMessage Contact Key Verification: A method for users to verify the identity of the people they are communicating with.
- Security Keys for Apple ID: The option to require a physical security key to sign in to an Apple ID account.
- Advanced Data Protection for iCloud: End-to-end encryption when accessing iCloud resources.
In a press release, Apple’s Craig Federighi said, “At Apple, we are unwavering in our commitment to provide our users with the best data security in the world. We constantly identify and mitigate emerging threats to their personal data on device and in the cloud.” The new features will arrive as part of iOS 16.2 and macOS 13.1, which are likely to hit devices early next week.
In a statement, the FBI said it was “deeply concerned with the threat end-to-end and user-only-access encryption pose.” The bureau added the move “hinders our ability to protect the American people from criminal acts ranging from cyber-attacks and violence against children to drug trafficking, organized crime and terrorism.”
Privacy advocates, however, praised the move. Caitlin Seeley George of Fight the Future called the announcement “a big deal” that “means peoples’ personal messages, documents, and data will be secure from law enforcement, hackers, and Apple itself.” Additionally, the Electronic Frontier Foundation applauded Apple for “listening to experts, child advocates, and users who want to protect their most sensitive data.”
Here are the features that will arrive on devices soon:
iMessage Contact Key Verification
iMessage Contact Key Verification is a feature that users can turn on to inform the user when a conversation in Messages or FaceTime could possibly be monitored by an unseen intruder. An alert will appear when “an exceptionally advanced adversary” were able to breach the service and eavesdrop. Users will also be able to compare a Contact Verification Code in person, on FaceTime, or through another secure call. iMessage Contact Key Verification is in addition to the end-to-end encryption that Apple has always used with iMessage and FaceTime.
Security Keys is a supplement to the two-factor authentication used for Apple ID log-ins. Apple’s 2FA involves logging in with your username and password and then typing in a six-digit numerical code that is sent to your trusted devices. Security Keys will give users the option of using a third-party hardware security key for 2FA authentication. The key can be inserted into a port or use NFC wireless connectivity.
Advanced Data Protection for iCloud
With iCloud, 14 “sensitive data categories” use end-to-end encryption, including iCloud Keychain and Health. Advanced Data Protection for iCloud will expand that encryption coverage to 23 categories, which includes iCloud Backup, Notes, and Photos. If you sign up for Advanced Data Protection, the only iCloud features that are not covered are iCloud Mail, Contacts, and Calendar, which need to interoperate with Apple’s global systems.
These features will be available in the U.S. as part of the full release of iOS 16.2 and macOS 13.1 arriving later this month. Apple says a global rollout is scheduled for early 2023.