- Apple iCloud backups can no longer be end-to-end encrypted in UK
- Apple says other encrypted services such as iMessage are unaffected
- Experts raise concerns over cybersecurity issues for UK users
Apple announced that starting from Friday 21 February 2025, iCloud backups for new users in the UK will no longer be able to use Advanced Data Protection. Existing users who have already enabled the feature will eventually be prompted to disable it themselves, through receiving an error message when turning the device on, though there isn’t a specific timeline provided by Apple for when this will occur. Apple has cited this unprecedented move is in response to government demands for access to user data.
The change affects a feature called Advanced Data Protection (ADP), which extends end-to-end encryption across a wide range of cloud data.
“Apple’s decision to disable the feature for UK users could well be the only reasonable response at this point, but it leaves those people at the mercy of bad actors and deprives them of a key privacy-preserving technology,” said Andrew Crocker, surveillance litigation director at the Electronic Frontier Foundation.
Governments and tech companies have been embroiled in a longstanding conflict over robust encryption used to safeguard consumer communications, as authorities see it as a barrier to widespread surveillance and law enforcement initiatives. However, the demand from the UK represents an especially extensive measure.
Apple has long said that it would never build a so-called backdoor into its encrypted services or devices, because once one is created, it could be exploited by hackers in addition to governments, a sentiment echoed by security experts.
“Ultimately, once a door exists, it’s only a matter of time before it’s found and used maliciously. Removing ADP is not just a symbolic concession but a practical weakening of iCloud security for UK users,” said Professor Oli Buckley, a professor in cybersecurity at Loughborough University in Britain.
Data that was encrypted before Apple launched its protection service in late 2022, such as passwords and iMessage and FaceTime messaging services, will remain encrypted.
“We are gravely disappointed that the protections provided by ADP will not be available to our customers in the UK given the continuing rise of data breaches and other threats to customer privacy,” Apple said in a statement.
The change does not affect encryption of data stored directly on Apple devices, however many users find it impractical to store all their data on their device, based on their large quantities of photographs and messages, and utilise cloud storage services. Device-only storage also means that if the device is lost or damaged, all of a user’s data could disappear, which drives many if not most consumers to opt for some form of cloud backup that now will be easier for British authorities to access.
It is alleged that Australia may follow suit, but in this instance it’s a “Britain first” initiative.
