You might have heard of extreme measures to protect your data in this age of surveillance, from installing privacy-oriented operating systems to abandoning most smartphone brands. But these solutions are difficult to implement for the average person.

Choosing between security and convenience does not need to be so hard for current Apple users. Instead, they might benefit from securing their iCloud accounts and devices.

Apple has vastly improved its security and privacy features over the years. And with its Advanced Data Protection setting, it is even easier to protect your iCloud data from unwanted observers. This setting allows you to apply end-to-end encryption to your notes, photos, iMessage backups, and more — in a way that not even Apple could view your data.

In this blog, we explain how Advanced Data Protection protects your information and discuss the potential benefits and risks of this feature.

How does it work?

End-to-end encryption makes a file unreadable to those without a private key. Imagine this key to be a randomly generated password stored on your device. Only you and any intended recipients can decode this file.

By default, your iCloud data is under standard data protection. All uploaded files have a corresponding encryption key from your device. However, Apple retains these keys in its servers for user account and data recovery. Your files become vulnerable to legal requests for user data.

By enabling Advanced Data Protection, your Apple devices have sole access to the keys encrypting your iCloud Drive. This means that Apple cannot recover your data or assist with account-related issues.

Because of this, Apple requires your Apple ID to have two-factor authentication enabled and an alternative account recovery method set up. For the latter, you can designate a family member or colleague as a recovery contact. Or you can generate a recovery key, which we advise storing in a password manager, such as 1Password. Alternatively, you can write it down on a note and lock it somewhere safe.

There are some caveats to Advanced Data Protection, though. iCloud Mail, contacts, and calendars cannot be end-to-end encrypted since they must connect to external services. Files shared outside the Apple ecosystem or to users without Advanced Data Protection are also excluded. Otherwise, most services like your photos, Safari bookmarks, and notes are end-to-end encrypted.

Messaging applications

Advanced Data Protection is important when sending sensitive information on your iPhone. End-to-end encrypted applications like WhatsApp and iMessage are imperfect; your chat history is often saved to an iCloud Drive. If not encrypted, law enforcement agencies can request Apple provide access to these messages. In one case, former Trump campaign chair Paul Manafort was indicted based on subpoenaed WhatsApp chat backups.

We usually recommend Signal — a secure messenger app that stores chat history on your device rather than on third-party servers. However, with billions of WhatsApp and iMessage users worldwide, your family members and colleagues might be hesitant to switch over. The Apple ecosystem is also convenient for many journalists, and your chat history could be already uploaded to its servers.

An encrypted iCloud Drive partially solves this dilemma by protecting any chat history stored there. However, an intended recipient may not have Advanced Data Protection enabled. Both hackers and state actors can target your family members and colleagues for these messages.

If you are worried that this situation applies to you, consider using Advanced Data Protection and Signal to protect all aspects of your communications. By utilizing Signal for confidential conversations, you can reserve mainstream messaging apps for your family and friends.

Notes and productivity

Many journalists prefer Apple Notes for work. Unlike other note-taking applications, it has built-in functionality with the Apple ecosystem. An app like Standard Notes or Obsidian excels at privacy but has limited mobile features. The biggest selling point — and weakness — of Apple Notes is the free and seamless synchronization with iCloud Drive. But your notes may reveal confidential information when not end-to-end encrypted.

With Advanced Data Protection, Apple Notes can synchronize across devices without sacrificing privacy. Just be aware that a collaboration link is not end-to-end encrypted if the intended recipient disables that feature. You should confirm before collaborating with another user. If your situation calls for it, consider switching to a dedicated note-taking application.

Journalists might also want to check out the default "Voice Memo” app later this fall, as it will gain the ability to transcribe conversations in the iOS 18, MacOS Sequoia 15.1, and iPadOS 18.1 updates. Its integration with Advanced Data Protection could ensure end-to-end encrypted voice note synchronization across all devices. As this version has not been officially released, we are uncertain how Voice Memo will be secured. In the meantime, you can read more about the privacy of journalists’ favorite transcription services.

Photos and file storage

Chances are, you are already using cloud storage functionality included with your iPhone purchase. So enabling Advanced Data Protection makes your photos and files much more secure.

Admittedly, other competitors in this space lack either device integration or sufficient privacy features. Google Drive and Google Photos, for instance, despite having a similar level of integration with Android phones, are not end-to-end encrypted. As for privacy-oriented options like Proton Drive, they make it more difficult to store and manage your photos across mobile devices. Nonetheless, you should avoid relying on iCloud as your only option.

Specifically, be cautious when sharing anything with friends and family; threat actors may still target their accounts as mentioned before. Pictures in Shared Albums or Libraries cannot be protected if your loved ones do not have Advanced Data Protection enabled. And be sure to double-check whether they have access to shared files and folders in iCloud Drive.

To minimize this risk, consider placing your work files on a separate cloud storage provider. You can have the convenience of Apple Photos without compromising confidential photos and documents. For example, you could take metadata-free photographs with Signal and transfer them to Proton Drive at home.

Other security considerations

While Advanced Data Protection prevents Apple and potential hackers from decrypting your iCloud Drive, combining it with other features like two-factor authentication and FileVault can further enhance the security of your Apple devices.

If you believe you could be the target of sophisticated attackers, consider also enabling Lockdown Mode. Keep in mind before taking this big step that your device may lose several quality-of-life features.

Everyone’s privacy journey is different. If you need additional assistance, contact the Digital Security Training Team for our training options.