Apple Removes Advanced Data Protection from UK
February 22, 2025•671 words
In a significant move, Apple has decided to discontinue its Advanced Data Protection (ADP) feature in the United Kingdom. This decision comes after the UK (communist) government demanded the creation of a backdoor, aiming to access user information for surveillance purposes. Apple's stance on privacy and security has led them to remove the feature rather than compromise their encryption standards for millions of users.
What is Advanced Data Protection?
Advanced Data Protection is an optional feature by Apple that enhances privacy and security of iCloud data by making it end-to-end encrypted. It provides users with an additional layer of security, ensuring that data can only be accessed by the user. When ADP is turned on by the user, Apple is unable to see what data a user stores in iCloud. This feature was particularly valued by users who prioritise their digital security and privacy, like whistle-blowers or journalists.
The UK Government's Demands
The UK government, invoking the Investigatory Powers Act (IPA), pressured Apple to try and create a backdoor in their encrypted services. This backdoor would allow law enforcement agencies to gain access encrypted data, on the grounds of "national security purposes and investigating criminal activity". However, Apple has opposed such measures, arguing that backdoors weaken overall security and expose users to potential vulnerabilities. Security experts around the world have also expressed that creating a backdoor would overall weaken security and allow hackers and foreign governments to exploit and spy on users activity.
Apple's decision reflects the broader debate on encryption and government access. As governments increasingly seek access to encrypted data, companies like Apple face difficult choices. This incident sets a precedent, showing how companies might respond to similar demands in the future. For example, encrypted messaging apps like Signal may pull out of the UK market entirely if the UK Government demands backdoor access.
I live in the UK, what should I do if I use ADP?
If you are in the UK and you have ADP enabled for iCloud, you don't have to do anything right now. Your data inside iCloud remains end-to-end encrypted and Apple nor Government agencies can see or access your data. However, at some point in the near future, Apple will force users who have ADP enabled to disable the feature all together to continue using iCloud in the UK. It is recommended that you now start to migrate your iCloud data to other private alternatives that will keep your data privacy protected.
I have listed below some iCloud alternatives that keep your data protected using end-to-end encryption. It's up to you if you want to use them:
Proton Drive
Based in Switzerland, Proton Drive is a secure, end-to-end encrypted cloud storage service provided by Proton, the company behind Proton Mail. Proton Drive’s end-to-end encryption ensures that your files, their names, and more are all fully encrypted at rest and in transit to your secure cloud. Proton can't access your files, so your data remains fully owned, accessible, and controlled by you.
Based in Germany, Filen is a cloud storage service that provides offers client-side zero-knowledge encryption. Filen emphasises privacy and security, making it an attractive option for users who are concerned about data ownership and censorship.
MEGA
Based in New Zealand, MEGA is a cloud storage service that offers zero-knowledge encryption on all your files. With MEGA, you’re the only one who holds the key to your data. They offer flexible storage plans up to 16TB.
If you want more alternatives to iCloud, I recommend checking out the crowd-sourcing website AlternativeTo.net
If you would like to continue to use Apple's iCloud, I recommend using a tool that encrypts your data locally before your data is uploaded to iCloud servers.
Cryptomator
Cryptomator is a free and open-source encryption software designed to secure your files and folders. The tool uses AES encryption, a robust standard for data security, and employs client-side encryption, meaning your data is scrambled before it reaches the cloud.
Until next time...