Apple Pushes iOS 16.2 Release Candidate With Optional End-to-End Encrypted iCloud Backups


iCloud already protects 14 sensitive data categories using end-to-end encryption by default, including passwords in iCloud Keychain and Health data. For users who enable Advanced Data Protection, the total number of data categories protected using end-to-end encryption rises to 23, including iCloud Backup, Notes, and Photos. The only major iCloud data categories that are not covered are iCloud Mail, Contacts, and Calendar because of the need to interoperate with the global email, contacts, and calendar systems.

Advanced Data Protection is part of three major iOS security enhancements, the others being iMessage key verification and enabling the use of physical security keys for Apple ID login. Apple says those other two features will be rolled out globally next year; encrypted iCloud backups, meanwhile, are available with iOS 16.2’s release first in the United States with a gradual rollout to the “rest of the world”.

From Apple’s Platform Security Guide:

When a user first turns on Advanced Data Protection, web access to their data at is automatically turned off. This is because iCloud web servers no longer have access to the keys required to decrypt and display the user’s data. The user can choose to turn on web access again, and use the participation of their trusted device to access their encrypted iCloud data on the web.


iWork collaboration and the Shared Albums feature in Photos don’t support Advanced Data Protection. […]

Unsurprisingly, it also says all devices logged in with the user’s Apple ID must be updated to the versions of their respective operating systems rolling out to beta testers today as release candidates.

Robert McMillan and Joanna Stern, Wall Street Journal:

The changes represent a new potential setback for law-enforcement officials. Last year, Apple proposed software for the iPhone that would identify child sexual-abuse material on the iPhone. Apple now says it has stopped development of the system, following criticism from privacy and security researchers who worried that the software could be misused by governments or hackers to gain access to sensitive information on the phone.

Stern also scored an exclusive interview with Craig Federighi and put together a video explaining the changes.

It sure seemed like the announcement of the CSAM detection features last year was a precursor for enabling fully end-to-end encrypted iCloud accounts. The logic was something like: law enforcement is already wary of widespread encryption and they use CSAM as a universal gotcha, so this is a way to solve both problems. But it ended up causing far more controversy — controversy that was not unwarranted. I do not know if you are aware of this, but big computer companies are not universally trusted with being able to accurately monitor user material in their own platforms.

This can be seen as a mea culpa, on one hand, but also a more firm line between what Apple sees as its role, and what tasks are best left up to individuals. Two of the three features Apple announced as part of its child safety initiatives were launched without much issue. Apple is now clarifying that users’ data is strictly their own, even if it is stored in iCloud. This applies to iCloud Photos; it also applies to Messages.

This is undeniably good news, but you should expect to see alarmist rhetoric about Apple protecting heinous criminals. Instead, think of it as protection for all users from law enforcement overreaches, creepy intelligence agencies, and overbroad policies. This is an excellent and long-overdue announcement for even us boring law-abiding people.