Apple has announced a significant expansion of Advanced Data Protection (ADP), its end-to-end encryption (E2EE) feature for iCloud, extending availability to additional countries and adding new protected data categories. The company simultaneously reaffirmed its refusal to comply with UK government demands for backdoor access—a standoff that has left British users unable to access the feature.
Expansion overview
| Attribute | Details |
|---|---|
| Total countries available | 170+ |
| New countries added | 14 |
| Protected data categories | 23 |
| UK availability | Not available |
More data categories protected
Advanced Data Protection now covers 23 iCloud data categories with end-to-end encryption.
Newly added categories
| Category | Protection |
|---|---|
| iCloud Mail | Message content and attachments |
| Contacts | Full contact information |
| Calendars | Events and scheduling data |
| Safari | Browsing history and tab groups |
| Wallet | Passes and transaction metadata |
| Freeform | Collaborative boards |
Previously protected categories
| Category | Since |
|---|---|
| iCloud Backup | December 2022 |
| Notes | December 2022 |
| Photos | December 2022 |
| iCloud Drive | December 2022 |
| Messages in iCloud | December 2022 |
| Safari Bookmarks | December 2022 |
| Siri Shortcuts | December 2022 |
| Voice Memos | December 2022 |
| Health data | December 2022 |
How protection works
When ADP is enabled:
- Encrypted data can only be decrypted on the user’s trusted devices
- Apple cannot access the data
- Law enforcement requests and government subpoenas cannot be fulfilled by Apple
- Only the user (or their designated recovery contacts) can access the information
Geographic expansion
Apple expanded ADP availability to 14 additional countries, bringing the total to over 170 nations.
Notable additions
| Region | Countries |
|---|---|
| Southeast Asia | Indonesia, Vietnam |
| Middle East | Turkey, Egypt |
| Africa | Nigeria |
The expansion followed Apple’s engagement with local regulators to clarify that:
- ADP is an opt-in user feature, not a default setting
- Standard iCloud data remains accessible to Apple under existing legal frameworks when ADP is not enabled
- The feature addresses growing data breach and surveillance threats
UK standoff continues
The expansion comes amid an ongoing and intensifying dispute with the United Kingdom government.
Timeline
| Date | Event |
|---|---|
| January 2025 | UK Home Office issues Technical Capability Notice (TCN) |
| February 2025 | Apple withdraws ADP from UK market |
| August 2025 | UK reportedly withdraws worldwide demand after US protest |
| Late 2025 | UK issues new order targeting British users only |
| January 2026 | Tribunal hearing scheduled (status uncertain) |
The Investigatory Powers Act demand
The UK Home Office issued a Technical Capability Notice (TCN) under the Investigatory Powers Act 2016, demanding that Apple create a mechanism to access end-to-end encrypted iCloud data for law enforcement purposes.
Initial demand: The original order reportedly required Apple to provide backdoor access to data of all Apple users worldwide—not just UK citizens.
US government response: The United States government protested the extraterritorial scope of the demand.
Revised demand: Following US objections, the UK reportedly withdrew the worldwide requirement and issued a new order applying only to British users.
Apple’s position
Apple has maintained an unwavering stance:
“We have never built a backdoor or master key to any of our products or services, and we never will. End-to-end encryption is a critical technology that protects the security of our users, journalists, human rights workers, and everyday citizens.”
Rather than comply with the TCN, Apple chose to withdraw ADP entirely from the UK market in February 2025.
Current UK user impact
| Feature | Status for UK users |
|---|---|
| Advanced Data Protection | Not available |
| Standard Data Protection | Available |
| iMessage E2EE | Available (default) |
| FaceTime E2EE | Available (default) |
| iCloud Keychain | Available (default E2EE) |
| Health data | Available (default E2EE) |
Some existing UK users who enabled ADP before the withdrawal reportedly still have access to the encrypted service.
Privacy organization response
Organizations including the Electronic Frontier Foundation (EFF), Access Now, and Privacy International have supported Apple’s position:
“Any backdoor created for one government would inevitably be exploited by adversaries and authoritarian regimes.”
The privacy community argues that weakening encryption for UK law enforcement creates vulnerabilities that attackers—including hostile nation-states—would eventually exploit.
Technical architecture
ADP uses Apple’s established security architecture:
Key management
| Component | Function |
|---|---|
| Device-generated keys | Encryption keys created on user’s devices |
| Secure Enclave | Hardware protection for key material |
| iCloud Keychain | Transparent key synchronization |
| Hardware Security Modules | Data center access control enforcement |
Recovery options
| Method | Description |
|---|---|
| Recovery key | User-generated backup key |
| Recovery contacts | Designated trusted individuals |
| Apple employees | Cannot assist (no key access) |
iCloud Mail encryption
Apple noted that adding iCloud Mail encryption required significant engineering work to maintain compatibility with standard email protocols:
- E2EE applies to mail stored in iCloud
- Encrypted mail is fully interoperable when sending to external recipients
- Transit encryption (TLS) still applies to all email delivery
Industry context
Apple’s expansion reinforces a broader trend toward default and optional E2EE:
| Company | Platform | Status |
|---|---|---|
| Google | Messages (RCS) | Default E2EE (2024) |
| Meta | Messenger | Default E2EE (late 2023) |
| Meta | | Default E2EE (since 2016) |
| Proton | Proton Mail/Drive | E2EE-native |
| Tuta | Tuta Mail | E2EE-native |
The encryption policy debate
The tension between encryption and lawful access remains one of the most significant policy debates in cybersecurity:
| Pro-encryption position | Pro-access position |
|---|---|
| Protects against data breaches | Impedes criminal investigations |
| Enables journalism and activism | Shelters child exploitation |
| Preserves human rights | Enables terrorism planning |
| Prevents mass surveillance | Frustrates legitimate warrants |
No resolution is expected in 2026.
Enabling Advanced Data Protection
Requirements
| Device | Minimum version |
|---|---|
| iPhone/iPad | iOS/iPadOS 16.2 |
| Mac | macOS 13.1 (Ventura) |
| All account devices | Must be updated |
Setup path
Settings → Apple ID → iCloud → Advanced Data Protection
Before enabling
Apple recommends:
- Set up at least one recovery method (recovery key or recovery contact)
- Update all devices on the account to supported software versions
- Understand that Apple cannot assist with data recovery once E2EE is active
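The requirements and pre-enablement steps above can be checked across an account's devices before ADP is turned on. The following is an added example, not Apple tooling or code from the original article; the account and inventory format, the field names and the `GB` region code are hypothetical, while the minimum versions come from the Requirements table.

```python
# Added example (not Apple tooling). Minimum versions come from the
# Requirements table above; the account/inventory format is hypothetical.
MIN_VERSIONS = {"iphone": (16, 2), "ipad": (16, 2), "mac": (13, 1)}

def parse_version(text):
    """'16.1.2' -> (16, 1, 2). Raises ValueError on non-numeric parts."""
    return tuple(int(part) for part in text.strip().split("."))

def adp_blockers(account):
    """Return the reasons this account cannot enable ADP yet (empty = ready)."""
    blockers = []
    if account.get("region") == "GB":  # assumed region code for the UK
        blockers.append("ADP is not available in the UK")
    if not (account.get("recovery_key") or account.get("recovery_contacts")):
        blockers.append("no recovery key or recovery contact configured")
    for dev in account.get("devices", []):
        minimum = MIN_VERSIONS.get(dev["platform"].lower())
        if minimum is None:
            blockers.append(f"{dev['name']}: platform not in requirements table")
            continue
        try:
            version = parse_version(dev["os_version"])
        except ValueError:
            blockers.append(f"{dev['name']}: unreadable OS version")
            continue
        # Tuple comparison treats "16" as 16.0 and "16.2.1" as newer than 16.2.
        if version < minimum:
            need = ".".join(map(str, minimum))
            blockers.append(f"{dev['name']}: {dev['os_version']} is below {need}")
    return blockers

# Constructed sample inventory, for illustration only.
SAMPLE_ACCOUNT = {
    "region": "US",
    "recovery_key": False,
    "recovery_contacts": [],
    "devices": [
        {"name": "work-iphone", "platform": "iPhone", "os_version": "16.2"},
        {"name": "old-ipad", "platform": "iPad", "os_version": "15.7.9"},
        {"name": "laptop", "platform": "Mac", "os_version": "13.0.1"},
    ],
}

if __name__ == "__main__":
    for reason in adp_blockers(SAMPLE_ACCOUNT):
        print("BLOCKER:", reason)
```

A single out-of-date device blocks the whole account, which is why the check reports every device rather than stopping at the first failure.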
Recommendations
For users in available regions
| Action | Benefit |
|---|---|
| Enable ADP | Maximum iCloud protection |
| Set recovery methods | Ensure account recovery capability |
| Update all devices | Enable full feature set |
For UK users
| Option | Consideration |
|---|---|
| Use default E2EE features | iMessage, FaceTime, Keychain, Health still protected |
| Alternative services | Proton, Tuta for E2EE email/storage |
| Monitor legal developments | ADP may return if tribunal rules against TCN |
For organizations
| Consideration | Assessment |
|---|---|
| Data sovereignty | Understand where employee data is stored |
| Compliance | E2EE may conflict with retention requirements |
| Employee protection | Journalists, activists, executives may need E2EE |
Context
Apple’s ADP expansion demonstrates commitment to user privacy while highlighting the global fragmentation of encryption policy. The same feature that protects users in 170+ countries is unavailable to British citizens due to government demands that Apple has refused to accommodate.
The UK situation illustrates the practical consequences of encryption backdoor demands:
- Users lose access to security features
- No backdoor is actually created
- The government achieves neither surveillance capability nor user protection
For users outside the UK, the expansion of ADP to additional data categories—particularly iCloud Mail—represents a significant enhancement to iCloud security. The addition of email encryption addresses a long-standing gap, though the complexity of email protocols means the protection applies primarily to stored mail rather than messages in transit to external recipients.
The encryption policy debate will continue, but Apple’s position appears firm: the company will withdraw features rather than compromise the cryptographic guarantees it provides to users.