Apple has made waves by withdrawing its most advanced data security tool, Advanced Data Protection (ADP), for UK users. This move follows a request from the UK Home Office, which sought access to data protected under this encryption—something even Apple itself cannot currently do.
Rather than complying with the demand, Apple announced on Friday that it would stop new UK sign-ups for ADP and remove access for existing users at a later date. This decision has sparked criticism of the UK government’s stance on encryption while raising concerns about data privacy and security for Apple customers in the region.
What is Apple’s Advanced Data Protection?
Advanced Data Protection (ADP) is an optional security feature designed to enhance the encryption of iCloud data. By default, Apple already encrypts user data, including photos, notes, and backups, but retains the ability to access it if legally compelled.
ADP, however, takes security a step further by implementing end-to-end encryption. This means only the user can access their data—neither Apple nor law enforcement agencies can retrieve it, even with a legal order. While this ensures maximum privacy, it also means that if a user forgets their credentials, their data could be permanently lost.
It’s important to note that ADP does not affect other Apple security features such as iMessage, iCloud Keychain passwords, FaceTime, and Health app data, which are already end-to-end encrypted by default.
What Does This Mean for UK iCloud Users?
If you are in the UK and have not enabled ADP, your data security will remain unchanged. Apple will continue to protect iCloud data using standard encryption, meaning the company retains the ability to access it when required by law enforcement.
However, UK users who previously enabled ADP will lose access to this extra layer of security at an unspecified future date. Apple has not revealed the exact timeline or the number of affected users. Since Friday, users attempting to enable ADP have been met with a notice stating that the feature is no longer available in the UK.
Why Are Cybersecurity Experts Concerned?
Apple’s decision to pull ADP has raised concerns within the cybersecurity and digital rights communities. Experts warn that this move could set a precedent, encouraging other governments to demand similar access to encrypted data.
Graeme Stewart, a cybersecurity specialist at Check Point, acknowledged that this does not mean an immediate erosion of privacy, as law enforcement agencies still require a warrant to access iCloud data. However, he pointed out that the UK’s demand for a “backdoor” to encrypted data could inspire similar policies worldwide.
The Electronic Frontier Foundation (EFF), a digital rights organization, strongly opposed the UK government’s request, arguing that compliance would have compromised encryption for users globally. The organization compared government-mandated backdoors to leaving a house key under a doormat—creating vulnerabilities that could be exploited by hackers and cybercriminals.
Apple reinforced its commitment to privacy, stating, “We have never built a backdoor or master key to any of our products, and we never will.”
How Does Google Handle Encryption?
Like Apple, Google employs standard encryption across its services to protect user data as it moves between devices, services, and data centers.
Google has enhanced security for Android device backups since 2018, using a mechanism that generates a random security key encrypted by the user’s lock screen passcode, pattern, or PIN. This means Google cannot access the key, adding an extra layer of security.
However, not all Google services offer the same level of protection. Google Photos and Google Drive, for example, are not end-to-end encrypted. Additionally, Google provides an Advanced Protection Program for users seeking extra security, relying on passkeys for account verification.
Certain Samsung Galaxy smartphones also offer Enhanced Data Protection, which end-to-end encrypts backups of messages, call logs, apps, and settings.
The Bigger Picture: The Future of Digital Privacy
Apple’s decision to remove ADP from the UK highlights the ongoing global debate over encryption, privacy, and government oversight. While authorities argue that stronger encryption hampers law enforcement’s ability to investigate crimes, privacy advocates warn that weakening encryption could expose users to cyber threats and mass surveillance.
For now, UK Apple users must rely on standard encryption for iCloud data, with no option for additional protection through ADP. As the debate continues, this situation underscores the need for vigilance in balancing security, privacy, and government oversight.
For more updates on this and other tech news, visit News Xpress Online.