Apple’s decision to remove its most sophisticated data protection measure for UK customers has garnered media attention.
In response to the Home Office’s request for access to the data to which Advanced Data Protection (ADP) is applied—something that even Apple is now unable to do—ADP is being removed.
Instead of fulfilling that request, the tech giant announced on Friday that it would stop new users in the UK from signing up for the tool and take away current users’ access later.
In addition to raising questions about what safeguards are still in place for Apple consumers in the UK, the move has drawn criticism of the UK government’s actions.
What is Apple’s Advanced Data Protection?
ADP is an optional data security feature made to give users of gadgets like iPhones a safer approach to safeguard the information kept in their iCloud accounts.
Standard encryption is applied by default to items such as voice memos, notes, photographs, and backups.
Law enforcement may order the corporation to turn over this information.
ADP, on the other hand, adds an additional layer of security by using end-to-end encryption, which prevents Apple from seeing or accessing the data—only the user can.
Since Apple lacks a key, losing access to your account could result in the complete loss of your data.
It also implies that law enforcement organizations are unable to obtain such information.
The tool is independent of the protections for blue messages sent with iMessage, passwords stored in iCloud keychain, Health app data and Facetime, which are end to end encrypted by default.
What does this mean for my iCloud data?
If you are in the UK and have not turned on ADP, you will not see a change to the way your data is protected as a result of Apple disabling it.
Your iCloud data will remain protected by standard encryption and, as before, can still be accessed by Apple.
But it does mean you now cannot apply to protect iCloud storage with end to end encryption, even if you want to.
Meanwhile, people in the UK who had ADP enabled prior to Friday’s change will lose access to it a later date.
Apple has not said when, nor how many UK users will be affected.
Some experts have raised alarm over its removal, saying it will leave users less protected and also have wider, global consequences.
ICYMT: Sophia Akuffo Dismisses Partisanship Claims After Council of State Appointment
Graeme Stewart of cybersecurity firm Check Point said it would not mean “a complete free-for-all” as law enforcement must have a warrant to request iCloud data.
But he said other governments may look to replicate the UK’s demand of Apple for a so-called “backdoor” to encrypted cloud data.
Cybersecurity experts have likened the idea of creating a backdoor to someone leaving their house keys under their doormat – essentially creating a vulnerability which anyone, including bad actors, can exploit.
Digital rights group the Electronic Frontier Foundation said that if Apple had complied with the request, it would have created a backdoor not just for UK users “but for people around the world, regardless of where they were or what citizenship they had”.
Apple told the BBC in a statement that it had “never built a backdoor or master key to any of our products, and we never will”.
What protections do Google and Android offer?
Google claims that, like Apple, it protects data as it travels between users’ devices, its services, and data centers by implementing standard encryption across a variety of its services.
Since 2018, the search engine behemoth that owns Android has strengthened security for Android phone system backups.
It makes use of a system that creates a random security key on a device that is encrypted using a user’s pin, pattern, or lock-screen passcode.
Google claims that the passcode-protected data is safely transmitted to high security chips in its data centers and that it is unable to read this security key.
However, because Google Drive and Google Photos are not end-to-end encrypted, the same safeguards do not apply to them.
Additionally, for those who wish to further secure their account, it offers an Advanced Protection Program.
This depends on verifying the account holder with passkeys.
Additionally, certain Samsung Galaxy smartphones come with “enhanced data protection” that encrypts backups of call records, messages, apps, settings, and more from beginning to end.
SOURCE: BBC
