iCloud website on the montior showing Apple iCloud backups end-to-end encryption

Apple to Add End-to-End Encryption to iCloud Backups

One of the few significant holes in Apple’s end user security is set to be addressed, as Cupertino has announced plans to introduce end-to-end encryption to iCloud backups.

This is a feature that Apple has talked about in the past, but has delayed due primarily to pressure from US federal law enforcement agencies. End-to-end encryption has long been available on local devices and for Apple’s built-in iMessage system, but the “weak link” of unencrypted iCloud backups has both been exploited by hackers and has been something that law enforcement has demanded continued access to.

Proposal to encrypt iCloud backups likely faces legal challenges from national governments

Law enforcement and intelligence agencies around the world are so interested in continued easy access to iCloud backups that they are widely expected to take Apple to court to stop the move. Given its public wrangling with the FBI that dates back a decade at this point, that agency is likely to be among the first challengers. The United Kingdom is also in the midst of a broad government push to add backdoors to end-to-end encryption in all its forms.

End-to-end encryption of iCloud backups is currently rolling out to beta testers, and is expected to be available to US users by the end of 2022. Other countries are expected to receive it at different times throughout 2023. The move puts decryption keys entirely in the hands of the end user, removing Apple’s internal ability to unlock iCloud backups in response to law enforcement requests and greatly limiting the ability of hackers to burrow into the platform.

Though law enforcement appears to have a special interest in access to Apple, the move is meant to catch the company up with competing products. Both WhatsApp and Google Messages have offered end-to-end encryption for message backups for over a year now. Apple devices will not be 100% protected from outside snooping by this change, however, as some functions require interoperability with outside providers that could break: email, calendars and contacts could still be subject to law enforcement requests or accessed by someone that manages to compromise the device or the user account. Apple also retains access to certain metadata, such as checksums used to identify child abuse material.

The cost of end-to-end encryption is always some loss of convenience, and Apple device users will now need to protect their own decryption keys and set up an external source to assist if they are locked out of their iCloud backups. They will be able to either name a trusted second party to authorize account recovery, or create a recovery key. Melissa Bischoping, Director, Endpoint Security Research at Tanium, notes that end users should carefully consider this: “The Apple userbase is vast, and while these protections are of key interest to those in sensitive positions like activists, journalists, and political/government employees, the benefits are also valuable as regular consumers continue to see their data stolen.  However, before rushing into enabling these settings, make sure you understand the recovery capabilities and instructions, and treat your recovery keys like you would any sensitive passphrase or identity document. If you choose to store your recovery keys on a computer, only do so with a trusted password manager. It’s a good idea to also keep a secured printed copy somewhere safe.”

One further limitation of the new end-to-end encryption feature is that it will not be available to underage users and to the managed accounts used by young students at schools, at least not initially. Users will also need to opt in to two-factor authentication for it to work, and will need to have updated to at least iOS version 16.2 or macOS 13.1.

End-to-end encryption part of Apple’s push to reassure consumers of privacy and security

Privacy groups have generally applauded the announcement, though some have expressed concern that users will have to opt in to this enhanced protection of iCloud backups rather than having it working for them by default. Some will not be satisfied until Apple upgrades to “rich communication services” messaging (RCS) built directly into iPhones, an option that has been available to Android users since late 2019 (but is only just gaining end-to-end encryption on a broad scale).

Apple paired the iCloud backups announcement with another new security development that addresses public concerns about the commercial spyware wielded by governments and state-backed hackers: iMessage Contact Key Verification, available to parties that are at “extraordinary” risk of advanced snooping by powerful forces. The feature provides assurance that the iOS user is speaking to a legitimate contact and not a third party that has inserted itself into the flow of communications, but it has some limitations. Both sides of a messaging conversation must have it enabled for it to work, and it must also be opted into. It is scheduled to roll out sometime in 2023.

Craig Lurey, CTO and Co-Founder at Keeper Security, notes that hardware keys are also now an option: “Apple’s new data protections –especially the integration of security keys — are a welcome addition to the platform for security-conscious users, especially those who already use a YubiKey device to encrypt their data on iOS devices or want to use a security key but need more incentive to make the investment. Hardware security keys provide one of the highest levels of security for MFA setups, which is why Keeper allows YubiKey to work with our software.”

These encryption moves are somewhat bold, with the knowledge that the company will face a renewed legal fight from the FBI and other government-backed forces. But Apple appears to be committed to strengthening its brand as the premier user- and security-focused hardware provider, after some recent missteps appeared to rattle consumer confidence. These include the company disabling the device-to-device AirDrop communication feature for users in China during recent protests over harsh Covid lockdowns, and announcing active scanning of user devices for child abuse images.

That latter plan was also recently dropped by the company, after an extended review period due to public backlash. The company also announced in early October that it would gradually move its manufacturing out of China, adding more capacity to its existing iPhone production in India and likely moving Macintosh production to Thailand, with expectations being that it will decouple entirely from China within five years.