Why Apple's disabling of iCloud encryption in the UK is bad news for everyone

Apple has disabled its most advanced data security feature, Advanced Data Protection (ADP), for UK users following a government request for access to encrypted data.

Apple, a staunch opponent of encryption backdoors, chose to disable Advanced Data Protection (ADP) for UK users last Friday. ADP, which provides end-to-end encryption to ensure only account holders can access their iCloud data, is no longer available in the country. 

Also: The best VPN services (and how to choose the right one for you)

Since its deactivation, any UK-based Apple user attempting to enable the feature is met with an error message.

The move follows an earlier request from the UK Home Office under the Investigatory Powers Act (IPA), which demanded access to encrypted data under certain conditions. 

Enacted in 2016, the IPA grants law enforcement and intelligence agencies broad powers for intercepting communications, accessing communications data, and collecting bulk data. Refusal to comply with a demand comes with the risk of fines or even a ban on operating in the UK.

Also: 5 products Apple silently scrapped while unveiling the iPhone 16e this week

Data indicates that by 2025, over 60% of iPhone users worldwide had enabled Advanced Data Protection (ADP), with adoption rates in the UK lagging at approximately 35%. This disparity highlights the slower uptake of enhanced security measures in the UK compared with global trends.

In a statement, Apple said: “as we have said many times before, we have never built a backdoor or master key to any of our products, and we never will.” 

The company further emphasized the importance of end-to-end encryption, stating that “enhancing the security of cloud storage with end-to-end encryption is more urgent than ever before. Apple remains committed to offering our users the highest level of security for their personal data and is hopeful we can do so in the UK in the future.”

From the point of view of iPhone users, very little will change. ADP was opt-in, and only those who had enabled the feature would have been using it. As for those already using ADP, Apple said they will see it withdrawn over time.

Also: Google’s Gemini AI might soon back up Siri on your iPhone – just like ChatGPT

Even without ADP, Apple emphasized that over a dozen iCloud data categories remain end-to-end encrypted by default. These categories include sensitive information, such as health data and the password management system, iCloud Keychain. Additionally, Apple has confirmed that iMessage and FaceTime will continue to be end-to-end encrypted globally, including in the UK.

However, David Ruiz, a senior privacy advocate at cybersecurity firm Malwarebytes, described the situation in a statement to ZDNET as “only bad news,” calling it “difficult to label as anything other than a disaster.” He emphasized that removing end-to-end encryption for cloud storage significantly undermines user security and privacy, with repercussions far beyond the UK.

Ruiz explained how UK security officials requested Apple to “allow the UK government access to UK residents’ encrypted cloud storage” and also demanded “access to any Apple user’s encrypted cloud storage.” This sweeping request raises serious concerns about global privacy and data security.

Ruiz criticized the move: “To demand access to the world’s data is such a brazen, imperialist maneuver that I’m surprised it hasn’t come from, well, honestly, the US.” 

Also: The best VPN services for iPhone and iPad (yes, you need to use one)

He warned that this decision could embolden other nations, particularly those within the Five Eyes alliance (an intelligence-sharing network comprising the US, UK, Canada, Australia, and New Zealand), to make similar demands of Apple.

“In short,” wrote Ruiz, “the loss of end-to-end encryption is bad, yes. But the global impact of this demand has extremely dangerous and idiotic potential.”