by December 7, 2022
TO UPDATE
Apple improves user security with powerful new privacy protections
iMessage Contact Key Verification, Security Keys for Apple ID, and Advanced Data Protection for iCloud provide users with important new tools to protect their most sensitive data and communications
Apple today introduced three advanced security features focused on protecting against threats to user data in the cloud, marking the next step in its ongoing effort to give users even stronger ways to protect their data. iMessage contact key verification allows users to verify that they are only communicating with the intended person. Apple ID security keys give users the choice of requiring a physical security key to log into their Apple ID account. And with Advanced Data Protection for iCloud, which uses end-to-end encryption to offer Apple’s highest level of cloud data security, users have the choice to protect important iCloud data, including iCloud backup, photos, notes and more protection.
As threats to user data become more sophisticated and complex, these new capabilities complement a range of other protections that make Apple products the most secure available: from security built right into our custom chips, to best-in-class device encryption and data protections to features like lockdown mode, which provides an extreme, optional level of security for users like journalists, human rights activists, and diplomats. Apple strives to improve both device and cloud security, adding new protections over time.
“At Apple, we work tirelessly to offer our users the best data security in the world. We’re constantly identifying and mitigating new threats to your personal data on devices and in the cloud,” said Craig Federighi, Apple’s senior vice president of software engineering. “Our security teams work tirelessly to protect user data, and with iMessage Contact Key Verification, Security Keys, and Advanced Data Protection for iCloud, users have three powerful new tools at their disposal to further protect their most sensitive data and communications.”
Verification of iMessage contact key
Apple pioneered the use of end-to-end encryption in consumer communications services with the introduction of iMessage, so messages could only be read by the sender and recipient. FaceTime has also used encryption since launch to keep conversations private and secure. With iMessage contact key verification, users who are exposed to exceptional digital threats – such as journalists, human rights activists and government officials – can now further verify that they are only messaging with the intended individuals. The vast majority of users will never be the target of sophisticated cyberattacks, but the feature adds an important extra layer of security for those who might be. Conversations between users who have iMessage contact key verification enabled will receive automatic alerts when an exceptionally advanced attacker, such as And for even greater security, iMessage contact key verification users can compare a contact verification code in person, on FaceTime, or over another secure call.
security key
Apple introduced two-factor authentication for the Apple ID in 2015. Today, it’s the most widely used two-factor account security system in the world that we know of, with more than 95 percent of active iCloud accounts using this protection. With security keys, users now have the choice to use third-party hardware security keys to enhance this protection. This feature is designed for users who often face concerted threats to their online accounts due to their public profile, such as B. Celebrities, journalists and government officials. For users who sign in, Security Keys strengthens Apple’s two-factor authentication by requiring a hardware security key as one of the two. This takes our two-factor authentication even further, preventing even an advanced attacker from obtaining a user’s second factor in a phishing scam.
Advanced data protection for iCloud
For years, Apple has offered industry-leading data security on its devices with Data Protection, the sophisticated file encryption system built into iPhone, iPad, and Mac. “Apple makes the most secure mobile devices on the market. And now we’re building on that strong foundation,” said Ivan Krstić, Apple’s head of security engineering and architecture. “Advanced Data Protection is Apple’s highest level of cloud data security, giving users the choice to protect the vast majority of their most sensitive iCloud data with end-to-end encryption, so it can only be decrypted on their trusted devices.” For Users who sign up, Advanced Data Protection protects most iCloud data even in the event of a data breach in the cloud.
iCloud already protects 14 sensitive data categories with end-to-end encryption by default, including iCloud Keychain passwords and health records. For users who enable Advanced Data Protection, the total number of data categories protected by end-to-end encryption increases to 23, including iCloud backup, notes and photos. The only major iCloud data categories not covered are iCloud Mail, Contacts, and Calendars as they must interact with the global email, contacts, and calendar systems.
Improved security for user data in the cloud is needed now more than ever, according to new data security research summary, The Rising Threat to Consumer Data in the Cloud, released today. Experts say the total number of data breaches more than tripled between 2013 and 2021, with 1.1 billion personal records exposed worldwide in 2021 alone. Organizations across the technology industry are increasingly addressing this growing threat by incorporating end-to-end encryption into their offerings.
Availability
- iMessage Contact Key Verification will be available worldwide in 2023.
- Apple ID security keys will be available worldwide in early 2023.
- Advanced Data Protection for iCloud is available in the US today to Apple Beta Software Program members and will be available to US users by the end of the year. The feature will roll out to the rest of the world in early 2023.
- For a full technical overview of the optional security enhancements Advanced Data Protection offers, see our Platform Security guide, along with data breach research, “The Rising Threat to Consumer Data in the Cloud” by Dr. Stuart Madnick, Professor Emeritus at MIT’s Sloan School of Management.
Press Contacts
Trevor Kincaid
Apple
(202) 281-6403
Shane Bauer
Apple
(512) 966-7192
Apple Media Helpline
(408) 974-2042
