Egad, did Apple do something right? End-to-end encryption for (most) iCloud services
"Advanced Data Protection is Apple's highest level of cloud data security, giving users the choice to protect the vast majority of their most sensitive iCloud data with end-to-end encryption so that it can only be decrypted on their trusted devices," explained Ivan Krstić, Apple's head of security engineering and architecture, in a canned statement.
Apple already offers end-to-end encryption by default for 14 iCloud services, including passwords in iCloud Keychain and Health data.
"All CloudKit Service keys that were generated on device and later uploaded to the available-after-authentication iCloud Hardware Security Modules in Apple datacenters are deleted from those HSMs and instead kept entirely within the account's iCloud Keychain protection domain," Apple explains in its support documentation.
"The announcement that the company will implement end-to-end encryption for iCloud backups in the coming weeks is a big deal. It means people's personal messages, documents, and data will be secure from law enforcement, hackers, and Apple itself. Law enforcement agencies have spread misinformation for years about encryption, and tried to stop Apple from taking this important step, but any claims that this move will put people in danger are misguided at best. Encryption makes people more safe, not less safe."
Some iCloud metadata and usage information will remain accessible to Apple - still encrypted, but with keys under Apple's control.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/12/08/apple_encryption_icloud/