After years of delay under government pressure, Apple said Wednesday that it will offer fully encrypted backups of photos, chat histories and most other sensitive user data in its cloud storage system worldwide, putting them out of reach of most hackers, spies and law enforcement.
Apple has benefited for more than a decade from a perception that it does more than other phone and computer companies to safeguard privacy, including its use of end-to-end encryption for iMessages between Apple devices. Those can only be read on the devices, not by Apple, a phone service provider or police with a warrant.
But most iPhone and Mac computer owners back up their iMessages, photos and other content to Apple’s iCloud, where the company can retrieve it for locked-out users or authorities. That has also left the material open to hackers that have tricked customers out of their passwords, increasing the potential for embarrassment and even extortion.
Apple representatives said those threats, and increasing attempts to breach cloud providers, made end-to-end encryption in the cloud the best option for those most concerned about security.
The step is likely to draw protests from multiple governments, some of which could take legislative or court action or deny Apple access to their markets. Top law enforcement officials in the United States, Britain and other democracies have railed against strong encryption, and some have passed laws they could use to try to force companies to cooperate against their customers.
Late Wednesday, the FBI said it was “deeply concerned with the threat end-to-end and user-only-access encryption pose.”
“This hinders our ability to protect the American people from criminal acts ranging from cyber-attacks and violence against children to drug trafficking, organized crime and terrorism,” the bureau said in an emailed statement. “In this age of cybersecurity and demands for ‘security by design,’ the FBI and law enforcement partners need ‘lawful access by design.'”
The encryption option will be available for public software testers immediately, for all U.S. customers by year-end, and for other countries starting next year, Apple said. It added that it might not reach every country by the end of 2023.
Apple’s move follows similar ones by other companies and organizations that have caught up to it on privacy or gone further.
Facebook’s WhatsApp is the most-used fully encrypted messenger, and it began offering an encrypted backup a year ago. Signal, which develops the protocol used by WhatsApp and others, does not allow cloud backups to prevent improper access. Google offers encrypted backups, though it is unclear how popular the service is.
After hacks of cloud service providers, an increasing number of businesses are insisting on controlling decryption keys themselves. Apple will now provide that option to consumers as well.
Privacy experts were thrilled by Apple’s announcement.
“This is great,” said Meredith Whittaker, president of Signal, an encrypted chat app. “There’s been enough pressure and enough narrative work that they see the side of history forming. It’s really incredible.”
The shift is likely to slow an especially effective law enforcement tool. In a six-month period covered in Apple’s most recent transparency report, the company said it had turned over users’ content for legal reasons 3,980 times, mostly in the United States and Brazil. It said legal requests for all types of account data, including just identifying information, had doubled in two years to more than 20,000.
In China, Apple has come under intensifying criticism for not doing more to protect iPhone users who are already heavily surveilled. During the recent wave of protests against harsh covid restrictions, Apple limited the use of AirDrop, which people were using to share videos and other large files at close range. The iCloud data in China is stored on servers under a local company’s control.
Apple had intended to introduce fully encrypted iCloud storage many years ago, according to FBI agents and Apple employees at the time. The FBI objected, and Apple shelved the idea rather than face a public fight.
Instead, it picked specific categories of data that would be walled off from outside prying, including passwords and payment and health data. Now, everything can be stored securely except for email, calendar and contacts functions that need to interoperate with multiple providers.
Apple will require that users set up a recovery key or name another person who can help them get access in the event that they are locked out. That person, the account holder and Apple would all have to be involved in the recovery.
In a second victory for privacy advocates, Apple said it was dropping a plan to scan user photos for child sex abuse images. The company had paused that plan shortly after its announcement last year, as security experts argued that it would intrude on user’s device privacy and be subject to abuse.
Apple also said Wednesday that it was making iPhones compatible with physical security keys that would connect to the phone so that consumers can require them for access to their accounts from new devices. That way, phishing attackers who steal passwords and user names would still be unable to get in.