Apple Announces New Privacy Features for the Cloud
In the future, Apple will also offer end-to-end encryption for backups and photos. In addition, the Apple ID will support hardware security keys starting next year.
Apple has announced new features to improve the protection of user data stored in the Apple Cloud. Among other things, Apple will offer the option to secure data stored in iCloud, such as photos and backup, with end-to-end encryption.
Advanced Data Protection for iCloud extends the end-to-end encryption already available for certain data types such as iCloud Keychain and Health to a total of 23 data categories. New additions now include iCloud Backup, Notes and Photos. Apple says only the iCloud Mail, Contacts and Calendar categories are excluded to ensure compatibility of those data types with third-party offerings.
“Apple makes the most secure mobile devices on the market. And now we’re building on that powerful foundation,” said Ivan Krstić, head of Security Engineering and Architecture at Apple. “Advanced Data Protection is Apple’s highest level of cloud data security, giving users the ability to protect most of their sensitive iCloud data with end-to-end encryption so it can only be decrypted on their trusted devices.” This, he said, protects users’ data even in the event of a cloud security incident.
Apple ID supports hardware security keys
Another new feature is that Apple is giving iMessage users the ability to verify their contacts’ security keys. Contact Key Verification confirms end-to-end encryption when exchanging messages, giving users the assurance that their messages can only be read by the selected recipient. Similar to WhatsApp, the verification is done face-to-face by checking the recipient’s key with their own iMessage app. According to Apple, the feature is primarily intended for journalists, activists and government employees who have particularly high demands for secure communication.
The third new function is simply called Security Keys: Apple will support third-party hardware security keys for two-factor authentication. “This takes our two-factor authentication even further, preventing even an advanced attacker from obtaining a user’s second factor in a phishing scam,” Apple said.
Advanced Data Protection for iCloud is available now in the U.S. through Apple’s Beta Software Program. Worldwide, the feature is scheduled to roll out in early 2023. So is support for Apple ID security keys. Apple plans to make iMessage Contact Key Verification available at an unspecified date next year.