Apple Disables Advanced Data Protection in the UK

Originally published at: https://tidbits.com/2025/02/22/apple-disables-advanced-data-protection-in-the-uk/

In the face of an unprecedented secret demand by the government of the United Kingdom to provide backdoor access to all iCloud data worldwide, Apple stood firm. Rather than comply, the company disabled UK customers’ ability to turn on Advanced Data Protection (ADP), a feature added to iCloud in late 2022 (see “Apple’s Advanced Data Protection Gives You More Keys to iCloud Data,” 8 December 2022). ADP provides end-to-end encryption using device-based keys for most iCloud data; email, contact, and calendar data are excluded because they need to interoperate with external services. Apple will eventually disable ADP for all UK customers, though the process may be fraught.

The addition of ADP provided a powerful bulwark against unwanted access to private information stored on Apple’s servers. All iCloud data is encrypted, but with keys that Apple possesses, so it was vulnerable to government requests for data that the company could not refuse under local law. By using end-to-end encryption, ADP puts data beyond Apple’s ability to decrypt it: to break the chain of users’ custody of their own data, the company would have to build an intentional hole into the encryption system that Apple could exploit.

Apple released a carefully worded statement:

Apple can no longer offer Advanced Data Protection (ADP) in the United Kingdom to new users and current UK users will eventually need to disable this security feature. ADP protects iCloud data with end-to-end encryption, which means the data can only be decrypted by the user who owns it, and only on their trusted devices. We are gravely disappointed that the protections provided by ADP will not be available to our customers in the UK given the continuing rise of data breaches and other threats to customer privacy. Enhancing the security of cloud storage with end-to-end encryption is more urgent than ever before. Apple remains committed to offering our users the highest level of security for their personal data and are hopeful that we will be able to do so in the future in the United Kingdom. As we have said many times before, we have never built a backdoor or master key to any of our products or services and we never will.

The UK government’s actions have not been announced but were alleged two weeks ago in reporting by the Washington Post and others. The UK Investigatory Powers Act of 2016, known by those who oppose it as the “Snoopers’ Charter,” lets the government demand companies assist in providing access to electronic information for investigations. The law also makes it a criminal offense for any company asked by the government for such information to disclose the request.

A similar provision appears in the USA/Patriot Act, which dramatically expanded the US government’s ability to spy domestically on its own citizens, something that had previously been curtailed in various ways because of the potential for abuse.

Apple’s statement carefully sidesteps the cause of its actions while revealing that it has made changes to available features. This resembles efforts that took place after the Patriot Act when some sites and organizations posted “warrant canary” pages, which indicated that no Patriot Act warrant had been received. They would remove such a page if a warrant was presented, providing “negative knowledge”—interested parties would use page-update trackers to be notified when such pages were removed. Apple included such a warrant canary in a 2013 transparency report; it disappeared in subsequent reports.

While Apple can prevent people in the UK new to ADP from enabling it, disabling the feature for existing users will be more complicated because it requires a device-based action to retrieve the encryption key and decrypt the data. No one knows how many users in the UK have enabled ADP. But I would expect that all of them will shortly receive an email that says access to ADP is ending in the United Kingdom and that they must follow a manual process to remove ADP by a given date, or their access to all iCloud information will be disabled until they comply.

If you live anywhere else in the world, consider enabling ADP now. There’s a reason the UK government is allegedly afraid of it. An infinitesimal amount of all personal data in the world relates to criminal acts—and some of that data is defined as criminal in contravention of international norms of human rights and freedom of expression. Politicians and governments, for uninformed or malicious reasons, want access to everything, violating your privacy and turning every bit into a potential way to accuse people of criminality.

ADP has a significant drawback: Apple cannot help you recover your data due to forgetfulness or catastrophe. You must make sure you never lose all your devices, that you generate and securely store a Recovery Key, and that you appoint trusted people as Recovery Contacts. ADP may cause you to fear losing your data, but it’s a sure way to lock it behind a wall so secure that no government can batter it down. The only question is whether Apple will be permitted to keep offering the features in countries other than the UK.

4 Likes

Mine was disabled within an hour of the announcement!

The BBC is reporting that Apple have reportedly stopped allowing users in the UK from adding Advanced Data Protection.

Corroborated:

I see Apple getting a lot of bad press over this…things like abandoning privacy and knuckling under to the government…but I think those are misplaced. They essentially had 3 less than optimum choices. Insert the demanded back door, abandon the UK market, or just remove ADP for those users. None of those were good choices…but just removing ADP for UK users seems the least bad. I don’t know whether their government will accept that as the law demands worldwide compliance…but then I don’t think the UK can demand worldwide compliance to their laws.

4 Likes

They have no choice but to accept it… because the “it” is no longer there. With no encryption, there is no “backdoor” needed to get the data. Essentially, the EU is saying “the law demands we have a key to your front door” and Apple has essentially just said “we don’t have doors.”

3 Likes

Well, there is still end to end encryption. Health data, iCloud Keychain, Messages in iCloud, and FaceTime calls remain end to end encrypted. And to be pedantic, everything else is still encrypted, but Apple also has a key to decrypt everything else (including device backups.)

1 Like

I am afraid if UK government wanted to not end-to-end encrypt these data as well (especially messaging on iMessage and WhatsApp), and even removing all kinds of encryption even when paying online. Even blocking Apple Pay or Google Pay which intends to be safe payment online, so that the government can check everyone’s every second.

Simply removing ADP may be just back to Dec 2022 but the main issue is I am afraid if this is the very first step to risk innocent normal citizens to various scams and charging.

1 Like

But according to what I’ve read the law applies worldwide and to non UK citizens as well…which makes no sense. That’s why I wonder what the government will think about it…because while Apple did choose the least bad alternative…in my understanding of the law they are only partially complying with it and what will the UK DoJ and courts say.

I don’t see how a law in the UK can possibly apply to everyone in the world…they don’t have jurisdiction but obviously whoever wrote the law thinks the wording justifies what they want. I guess Microsoft and Google and every other company is complying though…and I personally doubt the legality and common sense of secret orders you can’t talk about as FISA does sometimes.

1 Like

Your ability to enable it?

That is what the article is about?

I’m curious how iMessage and these other data forms will be affected. iMessage can’t work without end-to-end encryption. The other data categories you note are all designed for E2EE, so there’s no “reduced security” option.

We don’t know the exact wording of the order, secret as it is, but the reporting indicates the British government was asking for a backdoor that would allow access to all iCloud data—not just that of UK citizens or residents. The appeals process for the Investigatory Act, which Apple could go through, requires first obeying the secret order before the appeals process is conducted. Seems against human rights.

Sure - I posted that to a previous thread about 24 hours before your article. Adam must have moved it.

Honestly I wonder if that was just a reporter’s bad wording, or if the communication from his source(s) was vague. As a reminder, here is the original article - gift link. As you say, we really don’t know what the UK order directed Apple to do, but it may not have literally been directing for a “backdoor” - it may have been merely that they were directing Apple to provide decrypted information whenever directed to by a UK secret warrant, and it was up to Apple whether that meant a backdoor (which is specifically a key that Apple can share that can decrypt anything) or just that Apple would have their own key that they would not need to share with the UK.

I suppose it could be argued that Apple could redesign iMessage to allow them to have a decryption key to all messages so they could decrypt when legally compelled to. Let’s hope that this change to iMessage would be communicated, though.

Also, of course, anyone who does not use Messages in iCloud and backs up their phone to iCloud and does not use ADP could have their messages extracted from the backup.

That sneaky Adam!

The BBC story quotes a so-called privacy expert who sounds exactly like a government source—and she appears to have spent half her career working for government bodies.

1 Like

That’s the problem. Conceivably the UK was asking for on-demand access to any iCloud information worldwide that they would argue was related to a UK criminal investigation. Thus Apple would have to deploy a weakened, compromisable system worldwide. You can’t selectively enable/disable this kind of security hole because it’s fundamental.

5 Likes

Not sure if it’s against human rights but it’s certainly against common sense…and even in the UK you’re innocent until proven guilty. Obeying the order and providing the backdoor is extremely unlikely to be overturned by whatever the appeal process is so that isn’t really a very good solution.

I wonder if they actually gave any thought to drawing a line in the sand and threatening to abandon the UK market? Probably not…their revenue in 2023 was 383 billion and 95 billion of that was in the UK and abandoning 25% of your revenue doesn’t seem like prudent management of their fiduciary duties. OTOH…if they did threaten to do that maybe the uproar in the country would have gotten the requirement eliminated.

So what happens to a non-UK Apple Account holder who has ADP enabled and who enters the UK on business or holiday? Will they need to disable ADP or lose iCloud access while they’re in the UK? Does UK jurisdiction extend to say a British Airways plane in New York?

Can of worms – meet daylight!

Given that this law makes it a criminal offence for any company to disclose any such request, I can’t help wondering whether other companies that store our data have already complied without our knowledge.

1 Like