Apple devices have featured end-to-end encryption by default for years, using your passcode as the key. This encryption means that unauthorized access or theft of your devices can't lead to data or identity theft.

Combined with iCloud, Apple users have little to fear regarding data loss as long as device keys are safe, and iCloud passwords are secure.

Apple is now plugging more security gaps with Advanced Data Protection and two other security features. With Advanced Data Protection, even Apple doesn't have the key to your iCloud data, just as it doesn't have the key to data stored locally on your device.

When Are These Features Available?

Contact Key Verification, Security Keys for Apple ID, and Advanced Data Protection were outlined in an Apple press release in early December 2022.

We know that iMessage Contact Key Verification will be available globally in 2023, Security Keys for Apple ID will be available globally in early 2023, and Advanced Data Protection for iCloud is already available in the US and will start rolling out to the rest of the world in early 2023.

To understand Contact Key Verification and Advanced Data Protection, you may want to refresh your understanding of Transport Layer Security and know how end-to-end encryption differs from other types of encryption.

What Is Contact Key Verification?

iMessage and FaceTime have been end-to-end encrypted since launch, meaning only you and the person you are communicating with have the keys.

If Apple is hacked, the Transport Layer Security used is compromised by a malicious certificate, or the network you are using is vulnerable, the data will be useless to the eavesdropper as they don't have these keys.

Contact Key Verification is a security feature that alerts you when an unrecognized device may have been added to the other person's account and can access your iMessage conversation. When this prompt appears in your conversation, you can click the options button, which explains what you can do to confirm your messages are only being read by the intended recipient.

For even higher security, when both people have iMessage Contact Key Verification enabled, they can compare a Contact Verification Code in person, on FaceTime, or on another secure call.

What Are Security Keys For Apple ID?

Security keys are physical keys that have unique codes stored on them, which are used to generate a different set of codes that confirm your identity. As you don't need to input any codes yourself, phishing scams are rendered useless. Hardware two-step authentication is the most secure method of authentication.
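The phishing resistance described above comes from how FIDO/WebAuthn security keys bind each login to the site that requested it. The following is an added example, not Apple's code: it shows the binding checks a server applies to a security-key login (signature verification is a separate step and is left out), using constructed sample values and placeholder domain names.

```python
import base64, hashlib, hmac, json, struct

def b64url(data: bytes) -> str:
    """Unpadded base64url, the encoding WebAuthn uses for the challenge."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def check_assertion_context(client_data_json, authenticator_data,
                            expected_challenge, expected_origin, rp_id):
    """Return (ok, reason) for the binding checks a server makes on a login.
    Verifying the key's signature over these bytes is a separate step."""
    client = json.loads(client_data_json)
    if client.get("type") != "webauthn.get":
        return False, "wrong ceremony type"
    sent = str(client.get("challenge", "")).encode()
    if not hmac.compare_digest(sent, b64url(expected_challenge).encode()):
        return False, "challenge mismatch"
    if client.get("origin") != expected_origin:
        return False, "origin mismatch"
    if len(authenticator_data) < 37:
        return False, "authenticator data too short"
    rp_hash, flags, _count = struct.unpack(">32sBI", authenticator_data[:37])
    if not hmac.compare_digest(rp_hash, hashlib.sha256(rp_id.encode()).digest()):
        return False, "RP ID hash mismatch"
    if not flags & 0x01:  # bit 0 = user present (the key was touched)
        return False, "user presence flag not set"
    return True, "ok"

# Constructed sample values; the domain names are placeholders.
CHALLENGE = bytes(range(32))
RP_ID = "login.example"
ORIGIN = "https://login.example"

def sample_login(origin, rp_id, flags=0x01):
    """Build the two byte strings a browser and key would return."""
    client = json.dumps({"type": "webauthn.get", "origin": origin,
                         "challenge": b64url(CHALLENGE)}).encode()
    auth = hashlib.sha256(rp_id.encode()).digest() + struct.pack(">BI", flags, 7)
    return client, auth

if __name__ == "__main__":
    for origin, rp in [(ORIGIN, RP_ID), ("https://login-example.test", RP_ID),
                       (ORIGIN, "login-example.test")]:
        print(origin, rp, check_assertion_context(
            *sample_login(origin, rp), CHALLENGE, ORIGIN, RP_ID))
```

A response produced on any other origin fails these checks even when the user cooperates, which a typed or texted code cannot offer because it carries no record of where it was entered.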

You can read our article about why you should use two-factor authentication on most of your accounts for a primer, but chances are you already have it enabled on your Apple ID.

Apple is one of the few technology companies of its size to enable two-factor authentication by default, and it claims that 95% of Apple IDs have it enabled. When you log in on a new device, you need to approve it on an existing device with a code, after being shown the location on a map to ensure it's really you.

As a backup, you can use the less secure SMS authentication in the event you don't have access to an existing device. If you do, you may want to learn the best ways to avoid phishing scams to keep yourself protected.

Security keys are a more secure alternative to the default two-factor authentication and SMS authentication. There are some cons, however. You need to keep keys nearby if you plan on logging in on the go, and you should have at least two in separate places to ensure you don't get locked out. We've covered the best security keys for online protection if you are interested in using hardware authentication.

What Is Advanced Data Protection?

Arguably the most important feature introduced by Apple was Advanced Data Protection. As we explained, data on most Apple devices has been encrypted for years, and the combination of encryption and iCloud backups made Apple a great choice for those worried about data theft or data loss.

However, only specific types of data are end-to-end encrypted in iCloud on Apple's servers. In the event that Apple is hacked, data not end-to-end encrypted could be leaked, along with the encryption keys.

While this is unlikely as Apple and most technology companies of its size employ serious security measures, it's not impossible and different levels of data breaches are reported regularly in the industry.

With Standard Data Protection, the default setting on Apple accounts, the following data is end-to-end encrypted with the keys stored on trusted devices:

  • Passwords and Keychain
  • Health Data
  • Home Data
  • Messages in iCloud
  • Payment Information
  • Apple Card Transactions
  • Maps
  • QuickType Keyboard Learned Vocabulary
  • Safari
  • Screen Time
  • Siri Information
  • Wi-Fi Passwords
  • W1 and H1 Bluetooth Keys
  • Memoji

Everything else stored in iCloud is encrypted, but not end-to-end, as Apple holds the keys. This is why those keys can be leaked, and the encrypted data can then be decrypted by an attacker.

Enabling Advanced Data Protection encrypts the following data, in addition to the data covered by Standard Data Protection:

  • iCloud Backup (including device and Messages backup)
  • iCloud Drive
  • Photos
  • Notes
  • Reminders
  • Safari Bookmarks
  • Siri Shortcuts
  • Voice Memos
  • Wallet Passes

Enabling Advanced Data Protection leaves only iCloud Mail, Contacts, and Calendars without end-to-end encryption. You can explore this in further detail in the iCloud data security overview.

Like Security Keys for Apple ID, Advanced Data Protection does have its own set of cons. Nobody, not even Apple, can access your end-to-end encrypted data, so a data breach of the cloud would leave your data safe.
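The difference between data that is merely encrypted in iCloud and data that is end-to-end encrypted comes down to where the key that unlocks it is kept. The following is an added, simplified model of the two custody arrangements, not Apple's implementation: the function names are hypothetical, and the cipher is a standard-library stand-in for a real AEAD such as AES-GCM.

```python
import hashlib, hmac, os

def _subkey(key, label):
    return hashlib.sha256(label + key).digest()

def _keystream(key, nonce, n):
    out, counter = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:n]

def seal(key, plaintext):
    """Encrypt-then-MAC stand-in for an AEAD such as AES-GCM (stdlib only)."""
    nonce = os.urandom(16)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    body = bytes(a ^ b for a, b in zip(plaintext, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    return nonce + body + tag

def open_sealed(key, blob):
    """Return the plaintext, or None if the key is wrong or data was altered."""
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(_subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        return None
    stream = _keystream(_subkey(key, b"enc"), nonce, len(body))
    return bytes(a ^ b for a, b in zip(body, stream))

def store(item, custody):
    """Return (records kept by the provider, key kept only on the device)."""
    data_key, wrapping_key = os.urandom(32), os.urandom(32)
    records = {"ciphertext": seal(data_key, item),
               "wrapped_key": seal(wrapping_key, data_key)}
    if custody == "standard":
        records["wrapping_key"] = wrapping_key  # provider holds the key
        return records, None
    return records, wrapping_key  # end-to-end: key never reaches the provider

def decrypt_with(records, wrapping_key):
    data_key = wrapping_key and open_sealed(wrapping_key, records["wrapped_key"])
    return open_sealed(data_key, records["ciphertext"]) if data_key else None

def readable_from_provider_copy(records):
    """What a party holding only the provider's records can recover."""
    return decrypt_with(records, records.get("wrapping_key"))
```

In the end-to-end case the provider's records contain nothing that opens the data, which is also why a lost device key cannot be replaced by the provider.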

This means that if you lose access to your account, only you can recover your data using your device passcode, recovery contact, or recovery key. Apple cannot help you recover this data. We explain how to enable Advanced Data Protection step by step and a worldwide rollout is expected in early 2023.

Like the newly added Lockdown Mode on iOS, most people won't need the additional protection offered by these features (which is good news). However, they are becoming essential for politicians, journalists, celebrities, and CEOs as attacks become more common and more sophisticated.

Who Should Use These Features?

Enabling Contact Key Verification doesn't come with cons. If somebody you talk to adds a new device to their account that can access your iMessages, you will be given a prompt and can ask them whether it was them, to make sure nobody else is reading your conversation. However, the ability to compare keys shouldn't be necessary for most unless you fall into one of the more targeted categories.

If you have at least two security keys, then enabling Security Keys for Apple ID may be a good idea, but be aware of how essential it is that you don't lose both of those keys and that you won't be able to log in on the move without one of them.

Advanced Data Protection is an extremely powerful security feature, as iCloud Backup, iCloud Drive, and iCloud Photos store almost the entire contents of our Apple devices. Great for avoiding data loss, but detrimental if involved in a breach.

If you are sure that you won't forget your device passcode, know where you can store your recovery key, and have some recovery contacts to add, then being locked out will be difficult. This is a feature that we all hope won't be necessary, but if it is, many will be thankful that they enabled it. We say if you can guarantee those three things, it might be worth considering.

Will My Account Be Safe Without These Features?

These security features by Apple are a great step forward for people likely to be targeted by sophisticated attacks, especially with spyware like Pegasus still on the minds of many. While they are worth looking into for those interested, you shouldn't feel forced into enabling any of these features.

Keeping your operating system and apps updated, using unique passwords to secure your Apple ID and iCloud content, and following normal security advice is more than fine for the vast majority of people. Apple doesn't recommend these features for average users.