Apple is launching a host of new privacy and security features aimed at protecting the data of people using its devices.
It will now offer end-to-end encryption for almost all of the data that users store in iCloud, its online storage service. And it will add new ways of ensuring that people are really only speaking with who they intend to on iMessage.
The new tools are intended to make it harder for hackers, spies and governments to be able to access people’s sensitive and private information.
For years, Apple has focused on privacy and security. Much of that has been about the data on a device, and iPhones and other products have received a range of updates to ensure that data is protected even if someone has physical access.
But users have been encouraged to back up their data online, over iCloud. That data has not been encrypted in the same way, making it easier for attackers to get access to information such as photos and conversations.
Now Apple will encrypt that data too, ensuring those backups are also secured even once they have left the device.
No longer. The loophole that law enforcement had for getting at iPhone data will now be considerably narrowed.
Apple, which is based in Cupertino, California, did not immediately respond to requests for comment on the timing of the announcement and other issues. Nor did the FBI immediately respond to an emailed request for comment.
Cybersecurity experts have long argued that attempts by law enforcement to weaken encryption with backdoors are ill-advised because they would inherently make the internet less reliable and more dangerous.
Last year, Apple announced, then withdrew after a flood of objections, a plan to scan iPhones for photos of child sexual abuse.
“Where Apple was hesitant about deploying encryption features last year ... it now feels like they've decided to put the gas pedal down," noted Johns Hopkins cryptography professor Matthew Green on Twitter.
Apple's encryption announcement offers what the company calls Advanced Data Protection, to which users of its devices must opt in. It adds iCloud Backup, Notes and Photos to data categories that are already protected by end-to-end encryption in the cloud, including health data and passwords. Not included in the iCloud encryption scheme are email, contacts and calendar items because they must interoperate with products from other vendors, Apple said.
It said Advanced Data Protection for iCloud would be available to U.S. users by the end of the year and start rolling out to the rest of the world in early 2023.
In a blog post, Apple said “enhanced security for users' data in the cloud is more urgently needed than ever,” citing research that says data breaches have more than tripled over the past eight years.
Other tech products that already offer end-to-end encryption include the world's most popular messaging app, WhatsApp, and Signal, a communications app prized by journalists, dissidents, human rights activists and other dealers in sensitive data.
Apple announced a few other advanced security features on Wednesday, including one geared toward journalists, human rights activists and government officials who “face extraordinary digital threats" — such as from no-click spyware. Called iMessage Contact Key Verification, it will automatically alert users to eavesdroppers who succeed in inserting a new device into their iCloud via a breach.
In July, Apple announced a new optional feature called Lockdown Mode that is designed to protect iPhones and its other products against intrusions from state-backed hackers and commercial spyware.
Apple said at the time that it believed the extra layer of protection would be valuable to targets of hacking attacks launched by well-funded groups.
Users are able to activate and deactivate lockdown mode at will.
Additional reporting by Associated Press