Apple pulls encryption feature from UK over government spying demands

Apple has stopped offering its end-to-end encrypted iCloud storage, Advanced Data Protection (ADP), to new users in the UK, and will require existing users to disable the feature at some point in the future. The move comes following reports earlier this month that UK security services requested Apple grant them backdoor access to worldwide users' encrypted backups.

Apple can no longer offer Advanced Data Protection (ADP) in the United Kingdom to new users and current UK users will eventually need to disable this security feature, says Apple spokesperson Julien Trosdorf in a statement to The Verge. We are gravely disappointed that the protections provided by ADP will not be available to our customers in the UK given the continuing rise of data breaches and other threats to customer privacy."

ADP works by protecting iCloud data with end-to-end encryption, meaning it can only be decrypted by the person who owns the iCloud account on their own devices. Apple originally launched ADP in late 2022, allowing iCloud data like file backups and photos to be protected by the feature. Removing ADP means that British users' files will be accessible to Apple, and shareable with law enforcement, though that would still require a warrant.

Some types of iCloud data are end-to-end encrypted by default, and will remain so even in the UK. This includes passwords, health data, payment information, and iMessage logs. iCloud file backups, photos, notes, and voice memos are among the data types that will no longer be encrypted.

Apple has already stopped offering Advanced Data Protection to new users in the UK, advising them that it can no longer offer" the service. Apple won't be able to disable ADP automatically on existing iCloud accounts, because of the way the end-to-end encryption feature works. Trosdorf tells The Verge that UK users will be given an amount of time to disable ADP to keep using their iCloud account, though the company has not said when the deadline will be.

Apple remains committed to offering our users the highest level of security for their personal data and are hopeful that we will be able to do so in the future in the United Kingdom," says Trosdorf. As we have said many times before, we have never built a backdoor or master key to any of our products or services and we never will."

Earlier this month The Washington Post reported that the UK Home Office, led by Home Secretary Yvette Cooper, had demanded backdoor access to encrypted files uploaded not only by Brits, but by users worldwide. The company was reportedly served a document called a technical capability notice under the UK's Investigatory Powers Act of 2016, also known as the Snoopers' Charter. Apple has the right to appeal any demand made under the act, but not to delay implementation of the order.

It was reported then that Apple was likely to disable its UK encryption instead of granting security services a backdoor, but that this might not placate the Labour government, which would still not be able to access encrypted files uploaded elsewhere in the world. Apple did not issue any statement at the time, and even now has not explained why ADP is being disabled, but even revealing that the government had made a demand under the Investigatory Powers Act would reportedly be a criminal offense.

UK security services have repeatedly pushed back against end-to-end encrypted services in the past, making the argument that encryption is used by terrorists and child abusers to hide from law enforcement. End-to-end encryption cannot be allowed to hamper efforts to catch perpetrators of the most serious crimes," a government spokesperson toldThe Guardianin 2022 when Apple first introduced end-to-end encryption.

Apple has made its own arguments against the UK's position in the past. There is no reason why the UK [government] should have the authority to decide for citizens of the world whether they can avail themselves of the proven security benefits that flow from end-to-end encryption,"Apple told the British parliamentin March 2024 during a debate on an amendment to the Investigatory Powers Act.

Apple is not the only tech company to offer end-to-end encrypted backups. Google has offered encrypted backups to Android users since 2018, and Meta also offers the option to encrypt WhatsApp backups. Both are currently still available in the UK.

ADP remains available outside of the UK, and can be enabled from iCloud's settings options. To activate it, any devices tied to your Apple ID will have to be up-to-date, and you must turn on Apple's Account Recovery features as well. ADP is free to use, and if you're outside the UK we recommend enabling it.