By Jeremy Cook
In December 2022, Apple announced its Advanced Data Protection program, increasing the number of services capable of end-to-end encryption from 14 to 23. Encrypted data services now include iCloud Backup, Photos, and Notes. Data encryption for iCloud Mail, Contacts, and Calendar was not included as a part of this rollout, per the need to interact with other systems that would have been rendered incompatible.
While security has been at the forefront of Apple’s offerings since well before 2022, what is innovative about this announcement—and controversial in some contexts—is that Apple no longer has ultimate access to your data. Before, Apple stored security keys and could decrypt your data as needed. This policy allowed Apple to recover data if you somehow lost access, and to turn over data if required by law. On the other hand, it would also theoretically enable a hacker or rogue employee to access end-to-end encrypted data for nefarious purposes.
One answer to this potential threat is to store encryption keys only on the user’s device. Even the service handling this data–i.e., Apple–can’t view it without the key. End-to-end encryption isn’t a new idea. However, as Apple, the world’s most valuable company (by market capitalization as of this writing), is now putting it further into practice, it is now thoroughly mainstream.
The data is yours
While there are some tradeoffs, the fact that Apple never has access to your data means that it is for your eyes only. Even if their policies changed at a later date, or if Apple somehow decided that accessing your data was necessary in an emergency, they no longer have a way to access it. Depending on the context, this could include your browsing data, personal identifiable information, location data, photos, video, and anything else you choose to store.
Another important thing to note is that data encryption does not by itself obscure the source or destination of data upon transfer. Transfers can tell Apple or other interested parties some information about your interactions, but the content itself is secure.
General data security
While properly encrypted data is theoretically safe from attack, the danger via other vectors is still a threat. Consider the Signal app, perhaps the most privacy-focused messaging service available, that announced in August 2022 it had been compromised by a phishing attack. The breach gave the attacker temporary access to Twilio’s support console. Twilio provides phone number verification services for Signal, and the breach potentially affected about 1900 accounts. While the attacker could not read any messages because of Signal’s strong encryption setup, it would have been possible to re-register an account and impersonate the victim.
You can have the best lock in the world (encryption technology), but if someone tricks you into sharing the key or combination, it can still be opened. Alternatively, if you leave your keys in a vulnerable position via poor security practices such as repeated or weak passwords, attacks become much easier. From a device maker’s standpoint, if someone can access the “lock” design, security can be attacked from that angle.
Practical tradeoffs to end-to-end-encryption
Setting aside moral arguments about who needs access to what, there is one huge practical tradeoff to end-to-end encryption with no oversight. If you somehow lose your encryption key, your data is gone forever. You are ultimately responsible, not Apple or anyone else.
That said, to enable Advanced Data Protection, Apple requires you to put a backup method in place (a recovery contact and/or printed passcode) that allows you to access your data if you lose your device. But what if you haven't updated your recovery contact, or lost your printed password? Or what if you stored your password in your wallet, which went through the wash? Neither should happen, but it can if you’re not careful.
End-to-end security via advanced data protection
Is end-to-end encryption via Apple’s Advanced Data Protection or other means a good thing? The ability to implement it certainly is. The question of whether to implement it yourself (and how to do so) will require careful consideration. Just make sure you don’t lose your backup code and stay on good terms with your trusted contacts!
To add cryptographic security to your next microcontroller project, check out the DS28E50 authenticator and DS2477 coprocessor. Details on how this is set up are found in this article.
関連商品を見る
