iCloud uses strong security methods and strict policies to protect your data. Since iOS 16.3 and macOS Ventura 13.2, you can take advantage of advanced data protection for iCloud.
Apple offers two options to protect your data in iCloud. Standard data protection or advanced. You have to activate the latter manually and it goes further than the standard version so that almost all your personal data is provided with end-to-end encryption.
iCloud data security and encryption
Apple tries to protect your data in various ways. This starts with your Apple ID, which features two-factor authentication to protect you from fraudulent attempts to access your account. The next step is end-to-end encryption of data stored in iCloud.
Apple offers two options to encrypt and protect the data you store in iCloud:
- Standard data protection is the default setting for your account. For example, your iCloud data is encrypted and the encryption keys are secured in Apple’s data centers. This allows Apple to help you with data recovery. As a result, not all data is end-to-end encrypted.
- Advanced data protection for iCloud goes a step further and is an optional setting that provides the highest level of cloud data security. If you choose to enable advanced data protection, only your trusted devices will retain access to the encryption keys for most of your iCloud data, protecting it with end-to-end encryption. The additional data protected includes iCloud backups, photos, notes, and more.
Standard data protection
Standard data protection is the default setting for your account and active for all iCloud users. Your data is encrypted during transmission and is kept in an encrypted structure.
Your trusted devices’ encryption keys are secured in Apple’s data centers, so Apple can decrypt your data on your behalf when necessary, such as when you sign in to a new device, restore from a backup, or recover your data after forgetting your password . As long as you can sign in with your Apple ID, you can access your backups, photos, documents, notes, and more.
For added privacy and security, 14 data categories, including Health and passwords in iCloud Keychain, are end-to-end encrypted. Apple does not have the encryption keys for these categories, so they cannot help you recover this data if you lose access to your account.
Advanced data protection for iCloud
You can choose to enable advanced data protection to protect the vast majority of your iCloud data, even in the event of a cloud data breach.
With Advanced Data Protection, the number of data categories using end-to-end encryption increases to 23, including your iCloud backups, photos, notes and more. On this Apple support page you’ll find a table that lists the additional categories of data protected by end-to-end encryption when you enable advanced data protection.
If you enable advanced data protection and subsequently lose access to your account, Apple not about the encryption keys to help you restore access. You must use your device passcode or password, a recovery contact, or a personal recovery code.
Because most of your iCloud data is protected by end-to-end encryption, you’ll be guided to configure at least one recovery contact or recovery key before enabling advanced data protection. You will also need to update all your Apple devices to a software version that supports this feature.
Advanced data protection switch
- Open Settings on your iPhone or iPad
- Navigate to your name
- Tap iCloud
- Choose ‘Advanced data protection’
On a Mac, you can do this via  ▸ System Settings ▸ Your Name ▸ iCloud ▸ Advanced Data Protection.
Then tap or click ‘Turn on advanced data protection’ to enable encryption. If you have not yet designated a recovery contact for account recovery, you must do so first before you can enable advanced protection.
You can disable advanced data protection at any time. Your device will securely upload the required encryption keys to Apple’s servers and your account will again use standard data protection.
Please note: only enable this option once you have updated all your Apple devices to the most recent version. Also the HomePod, does it still run software version 16.1 or older? Then this one is possible will no longer be updated.
Only trusted devices
End-to-end encrypted data can only be decrypted on your trusted devices signed in with your Apple ID. No one else has access to your end-to-end encrypted data, not even Apple, and this data remains safe even in the event of a cloud data breach. If you lose access to your account, the only way to recover this data is to use your device passcode or password, a recovery contact, or a recovery code.