Apple increases user security with strong new data protections

December 7, 2022

Update

Apple increases user security with strong new data protections

iMessage Contact Key Authentication, Security Keys for Apple ID, and Advanced Data Protection for iCloud give users the new tools they need to protect their most sensitive data and communications.

Apple today introduced three advanced security features focused on protecting user data in the cloud, representing the next step in providing users with stronger ways to protect their data. With iMessage Contact Key Verification, users can verify who they are communicating with. With Apple ID Security Keys, users have the option to require a physical security key to sign in to their Apple ID account. And with iCloud Advanced Data Protection, which uses end-to-end encryption to provide the highest level of cloud data security, users have the choice to further protect important iCloud data, including iCloud backups, photos, notes, and more.

As threats to user data become increasingly sophisticated and complex, these new features join a suite of other protections that make Apple products the most secure on the market: from security built directly into custom chips with best-in-class device encryption and data security. Protections, features such as Lockdown Mode, provide an extreme alternative level of security for users such as journalists, human rights defenders and diplomats. Apple is committed to strengthening device and cloud security and adding new protections over time.

“At Apple, we are unwavering in our commitment to providing our users with the best information security in the world. We constantly identify and mitigate threats to their personal data on device and in the cloud,” said Craig Federighi, Apple’s senior vice president of software engineering. And with iMessage Contact Key authentication, Security Keys, and Advanced Data Protection, iCloud users will have three powerful new tools to further protect their most sensitive data and communications.”

iMessage contact key verification

Apple pioneered end-to-end encryption in consumer communication services with iMessage to ensure that messages can only be read by the sender and recipient. FaceTime has used encryption since its launch to keep conversations private and secure. Now with iMessage Contact Key Verification, users who face unique digital risks, such as journalists, human rights activists, and government officials, can choose to further verify that only the people they’re messaging are with. Most users will never be targeted by highly sophisticated cyberattacks, but the feature provides an extra layer of security for those who might. Conversations between users who have enabled iMessage Contact Key authentication will receive automatic alerts if a particularly advanced adversary, such as a state-sponsored attacker, breaches cloud servers and inserts their own tools to monitor encrypted communications. And for added security, with iMessage Contact Key Verification, users can compare a contact’s verification code in person, on FaceTime, or over another secure call.

Security keys

Apple in 2010 In 2015, it introduced two-factor authentication for Apple ID. Today, more than 95 percent of active iCloud accounts use this protection, which we know is the most widely used two-factor authentication system in the world. Now with Security Keys, users will have the option of using third-party hardware security keys to enhance this protection. This feature is designed for users who experience integrated threats to their online accounts, mostly due to their public profile, such as celebrities, journalists, and government officials. Security Keys strengthens Apple’s two-factor authentication by requiring one of two reasons for a hardware security key for opt-in users. This further requires our two-factor authentication, which prevents even an advanced attacker from obtaining the user’s second object through phishing.

Advanced data protection for iCloud

For years, Apple has provided industry-leading data security on its devices with the sophisticated file encryption system built into iPhone, iPad and Mac data protection. “Apple makes the most secure mobile devices on the market. And now, we’re building on that powerful foundation,” said Evan Krstich, Apple’s head of security engineering and architecture. It gives users the option to maintain end-to-end encryption so they can only decrypt their data on trusted devices.” Advanced data protection for opt-in users Most iCloud data is protected in the cloud, even if it’s breached.

iCloud already protects 14 categories of sensitive data using end-to-end encryption by default, including passwords in iCloud Keychain and health data. For users who enable Advanced Data Protection, the total number of data categories protected using end-to-end encryption rises to 23, including iCloud backups, notes and photos. The main categories of iCloud data not covered are iCloud Mail, Contacts, and Calendar because of the need to integrate with global email, contacts, and calendar systems.

Improved security for user data in the cloud is needed more urgently than ever, according to the summary of a new data breach study published today, “The Rising Risk of Customer Data in the Cloud.” In the year Between 2013 and 2021, total data breaches more than tripled, exposing 1.1 billion personal records worldwide in 2021 alone, experts said. Increasingly, companies in the technology industry are addressing this growing threat by implementing end-to-end encryption in their offerings.

Availability

• iMessage address key authentication will be available globally in 2023.
• Apple ID security keys will be available globally in early 2023.
• Advanced Data Protection for iCloud is available today to members of Apple’s Beta Software Program in the US, and will be available to US users later this year. The feature will begin rolling out to the rest of the world in early 2023.
• A complete technical overview of optional security enhancements that provide greater data protection is available in our Platform security guide“The Rising Threat to Customer Data in the Cloud” by Dr. Stuart Madnick, Graduate Professor at MIT Sloan School of Management, with Data Breach Research.

Press the contacts

Trevor Kincaid

Apple

t_kincaid@apple.com

(202) 281-6403

Shane Bauer

Apple

sa_bauer@apple.com

(512) 966-7192

Apple Media Helpline

media.help@apple.com