Apple has removed its Advanced Data Protection (ADP) feature for iCloud in the United Kingdom, responding to government demands for backdoor access to encrypted user data. This decision emerged after UK authorities issued a secret order requiring Apple to enable unrestricted access to encrypted iCloud content worldwide. Customers who have already activated Advanced Data Protection will need to manually disable it within a yet-to-be-defined grace period to maintain their iCloud accounts. Apple has indicated that it will provide further guidance for affected users, emphasizing that it cannot automatically disable the feature on their behalf.
The UK government’s request was presented through a “technical capability notice” under the Investigatory Powers Act (IPA). This notice mandated Apple to build a backdoor that would grant British security officials access to encrypted data globally, a move that would compromise the integrity of Apple’s Advanced Data Protection feature. This feature is designed to offer end-to-end encryption for various types of iCloud data, such as Photos, Notes, Messages backups, and device backups. In a statement, Apple expressed deep disappointment over the inability to provide ADP protections to UK customers amid rising data privacy threats.
The company reiterated that ADP allows only the data owner to decrypt their information on trusted devices. Apple’s choice to withdraw the feature instead of conceding to UK pressure aligns with its long-standing opposition to backdoors, which the company believes would make its systems vulnerable to malicious actors. The UK’s demand was particularly contentious, as it would have forced Apple to compromise user data access beyond its borders without user knowledge while prohibiting the company from disclosing the existence of such demands. Despite the loss of ADP in the UK, end-to-end encryption remains intact for other Apple services available in the country, including iMessage, FaceTime, password management, and health data.
Apple has reaffirmed its commitment to prioritizing user security and hopes to reinstate ADP in the UK in the future.
Leave a Reply