Apple’s Advanced Data Protection Gives You More Keys to iCloud Data

I think your best shot in a situation like this where you want access to iCloud data without having to sign in using the Apple authentication framework is just to create an app-specific password for your IMAP/SMTP/CALDAV/CARDDAV access and use standard PLAIN authentication. These are “well-known” endpoints (imap.mail.me.com, smtp.mail.me.com, contacts.icloud.com, caldav.icloud.com). Of course if you can make it work by other means / if you can do without, that works too. :slight_smile:
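An added illustration of the suggestion above (not part of the original post, and not Apple's code): SASL PLAIN is only base64, so the app-specific password is protected solely by the TLS session, and the client should refuse to send anything that is not an app-specific password. The port (993), the server accepting `AUTHENTICATE PLAIN`, and the four-groups-of-four-letters password pattern are assumptions; the credentials are constructed samples.

```python
import base64
import imaplib
import re
import ssl

IMAP_HOST = "imap.mail.me.com"  # endpoint named in the post
IMAP_PORT = 993                 # assumption: standard IMAP-over-TLS port

# Assumption: app-specific passwords are four hyphenated groups of four lowercase letters.
APP_PW = re.compile(r"[a-z]{4}(-[a-z]{4}){3}")

def looks_like_app_password(secret: str) -> bool:
    return APP_PW.fullmatch(secret) is not None

def sasl_plain(user: str, secret: str) -> bytes:
    """RFC 4616 PLAIN message: empty authzid, NUL, user, NUL, password."""
    if not user or not secret or "\x00" in user + secret:
        raise ValueError("empty field or embedded NUL")
    return f"\x00{user}\x00{secret}".encode("utf-8")

def decode_wire(b64: str) -> tuple[str, str]:
    """What anyone who can read the AUTHENTICATE payload recovers: everything."""
    _authzid, user, secret = base64.b64decode(b64).decode("utf-8").split("\x00")
    return user, secret

def open_mailbox(user: str, secret: str) -> imaplib.IMAP4_SSL:
    # Never hand the primary Apple ID password to a plain IMAP client.
    if not looks_like_app_password(secret):
        raise ValueError("refusing to send a non-app-specific password")
    ctx = ssl.create_default_context()            # verifies certificate chain and hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    conn = imaplib.IMAP4_SSL(IMAP_HOST, IMAP_PORT, ssl_context=ctx)
    # imaplib base64-encodes the bytes returned by this callback.
    conn.authenticate("PLAIN", lambda _challenge: sasl_plain(user, secret))
    return conn

if __name__ == "__main__":
    # Constructed sample credentials, not real ones.
    wire = base64.b64encode(sasl_plain("user@example.com", "abcd-efgh-ijkl-mnop")).decode()
    print("on the wire:", wire)
    print("recovered  :", decode_wire(wire))
```

Because the payload decodes trivially, an app-specific password that leaks should be revoked from the Apple ID account page; doing so leaves the main account password untouched.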

Yes, they have, much as it pains me to concur, succeeded in their shameful little coup to extract further revenue from the already very likely premium-storage purchaser of Apple hardware. And ditto re my move to iCloud backup at no extra cost, except that I’m already paying for 50 GB storage, now close to empty thanks to the backups next to my iCloud Mail, some iCloud Drive content, and EPub/PDF books, so that while I do appreciate iCloud Plus, it’s more that I don’t have to pay extra for this change, just to pay what I’m already paying. I am distinctly displeased by it, though–an iCloud backup may be more convenient, but it doesn’t back up “sync data”, so you still need to be tethered if you actually want to restore your device as is, particularly for stuff you just can’t get from the cloud (non-Apple audiobooks, lossless music, etc). But I think I’ve already grumbled enough about that, so …

Yes, that’s my take; the choice is simply one of the mechanism used. Using Messages in iCloud would seem to be the more flexible option, since you can choose not to use Backup at all if you want, and because it makes syncing much easier if you add a new device.

I attempted to enable Advanced Data Protection on my iPhone but received a message that my iPad first had to be updated to iPadOS 16.2. Apple seems to think it is on 15.xx (I can’t remember). But the iPad is definitely at 16.2. I tried turning off the iPad and the iPhone but nothing changed. Similarly, if I try to turn on ADP on my wife’s iPhone, she gets a message that our iMac needs to be updated. But it is updated to 13.1. I don’t see that message on my phone. FWIW, we share contacts and calendars on our devices so are each logged into iCloud on our respective devices. Any suggestions on what is going on and how to resolve the issue?

I pushed all my very old Macs (those that cannot be updated to a sufficiently new macOS – as well as my really old iPhones/iPads) off my iCloud so I could finally test ADP.

But now it looks like since my wife and I are in Family Sharing I also need to get her to do the same for her devices. No ADP for me until all her stuff is also up to the latest and greatest. :frowning:

She won’t mind pushing her old 2010 13" MB or an old iPhone 4 out of iCloud, but she’s not going to be thrilled about being “forced” to upgrade to 13.1 right now on her main MacBook. Not that she minds 13.1 (and due to security concerns she would do so eventually anyway), but like me she’s not really interested in any of the “new stuff” so to her such an upgrade is just a waste of time that at best interferes with her work, and at worst means follow-on trouble that then has to be sorted out. Some of Apple’s latest software QA/QC snafus have certainly left a mark. I will have to tread lightly and be prepared to offer up a dinner invitation. :wink:

Ok, so much for me right now, then. Family plan with my wife and my two adult kids, and who knows what their Macs and iPhones are running these days? (One of them has a 12” MacBook, though I think it’s the one that supports Ventura. So, someday, maybe.) I’m pretty sure my wife is still on 15.7.1 on her iPad Mini. I’ll have to check at some point.

So … I’m thinking about starting a family. (Being still single and just yesterday turned 40, there are obstacles, but nothing insurmountable, I hope.) My mother needs more than the 5 GB of storage for free, and my iCloud backups have just pushed me into the storage red. I need more iCloud storage. My options are to stridently object to Apple’s forced backups to iCloud, which is my short-term temporary fix, or to upgrade to the 200 GB plan, help mum cancel her own 50 GB storage, then start a family in order to share. It’s all about the pennies, you understand. No doubt the switch to iCloud is now absolutely inevitable, but as things stand I’m back to entering my passcode every time I want to start a backup. Obviously, I am a wee bit annoyed. As now discussed, though, the bigger problem is going to be getting ADP enabled. Fortunately I will be able to help mum do her upgrades, and she’s quite able to adapt to subtle changes after the initial bump, so that should also be a temporary roadblock. Or maybe I should just swallow my pride and start throwing money at Apple, given the amounts being saved. Reducing my usage isn’t much of an option at present, sadly.

What happens if you have iCloud Family members with a device not on the latest OS, when trying to enable ADP?

Does it actually check every device they’re logged into for compatibility before allowing it, or just lock them out of said device entirely somehow until they upgrade it to the latest OS?

It would be good to know the methodology beforehand, in case we hit against it.

If they are not on the latest OS they won’t have an option to enable ADP.

So you can turn it on for yourself, but they won’t be able to enable it at all on any of their devices. Is that right?

EDIT: …or not?

When you attempt to turn it on you will get a notice that all non-compliant devices must abandon iCloud first.

“abandon iCloud” - what does that mean?

Devices without ADP capability will no longer be able to use an iCloud account that has been fully encrypted by an ADP device and must disable iCloud access on that device.

Really all you need to do is go into Apple ID settings on any device with 16.2 or 13.1 and remove any devices that don’t have those versions from your list of devices. Tap (or click) and there is an option to remove the device from iCloud.

It has no effect. I know that my wife’s phone is still on 16.1.2 and iPad is on 15.7.X. I just turned on ADP for my account.

I’m not quite sure what Simon was seeing above, because it worked for me. I also have my kids on family sharing and I have no idea what versions their devices are on. As long as I don’t have an account on their Macs that is logged in to iCloud, I was able to turn on ADP.

One word of caution: I read about somebody who decided to add a recovery key before turning on ADP. I already had done this, over a year ago (well, actually it was exactly a year ago, based on the date in my 1Password record). The person I read about on Reddit was required to wait three months after setting the new key before they can turn on ADP. I don’t know if you’re prompted to set a new recovery key (or select a recovery contact) as part of setting up ADP, since I already had one, but you may end up with a waiting period if you don’t have one already.

(Quoting what Simon said above - I didn’t have this issue at all.)

I’d sure like to know what kind of magic sauce you have to make that work, @ddmiller.

My wife has in the meantime updated her iPhone to 16.2, but that still leaves her MBA on Monterey. And sure enough, as long as that remains there apparently there’s no ADP for me. :frowning: See below.

Do you have an account on her MBA? Or is it listed as one of ‘your’ devices in your Apple support account even if she is the only one with an account on the actual Mac?

Excellent catch! :slight_smile: Indeed, her MBA is listed under my support account.

I don’t really understand why though. Sure, she purchased it using my Apple Store account, but once it arrived she set it up herself and I’ve never had any account or anything of my own whatsoever on there. For the initial purchase she used my Apple Store account the same way to buy her iPhone and that’s not listed under my support account either. No idea why the inconsistency. But regardless, why would it matter who originally ordered the item vs. who actually owns it (per Setup Assistant or FindMy or whatever that’s called)?

But the better question perhaps then is, how do I get her MBA off my support account and onto hers?

Settings / Apple ID (on another device). Scroll down to the computer on the listing of devices, click or tap it, and click remove.

If her Apple ID is logged in it should be on her listing as well.

ADP is causing problems with the latest HomePod update:
