Apple confirms it will remove iCloud end-to-end encryption in the UK after government demand

Apple has confirmed that it will no longer offer its Advanced Data Protection (ADP) service in the United Kingdom following a request from the UK government. This move comes after the government demanded that Apple create a backdoor to access users’ encrypted iCloud backups. As a result of this request, Apple will disable the iCloud end-to-end encryption feature in the UK, a decision that aims to avoid a conflict with UK authorities but sacrifices the added security that ADP provides to users.

With ADP, users’ most sensitive data is protected by end-to-end encryption, ensuring that only trusted devices can decrypt the information. This security layer will no longer be available to UK users, meaning their data stored in iCloud will no longer benefit from this high level of protection. The government’s request for a backdoor, which would allow unauthorized access to encrypted backups, is no longer necessary, given that the encryption itself will be disabled.

Earlier this month, reports surfaced that the UK government had secretly issued an order in January demanding that Apple create a backdoor for iCloud backups. This order sought to access encrypted backups stored on iCloud, including those belonging to users outside the UK. Apple has the right to challenge such a request by appealing the technical capability notice, citing the cost of implementation and concerns over the proportionality of the request compared to security risks. However, Apple has opted to comply with the law, preventing the creation of a backdoor that could potentially be exploited by the UK government or other malicious actors.

While this change affects certain iCloud services in the UK, not all Apple services will lose encryption. Features such as iCloud Keychain, Health, iMessage, and FaceTime will continue to benefit from end-to-end encryption. However, other iCloud services in the UK will lose this encryption, including iCloud Backup, iCloud Drive, Photos, Notes, Reminders, Safari Bookmarks, Siri Shortcuts, Voice Memos, Wallet passes, and Freeform.

In March 2024, Apple addressed the British Parliament, expressing concern over the government’s request. The company stated, “There is no reason why the UK [government] should have the authority to decide for citizens of the world whether they can avail themselves of the proven security benefits that flow from end-to-end encryption.” Apple has consistently pushed back against similar attempts by the UK government to legislate for backdoors in encrypted communications.

On Friday, Apple announced that Advanced Data Protection (ADP) will no longer be available to new users in the UK, and existing UK users will eventually be required to disable the security feature.

Apple provided the following statement:

“Apple can no longer offer Advanced Data Protection (ADP) in the United Kingdom to new users and current UK users will eventually need to disable this security feature. ADP protects iCloud data with end-to-end encryption, which means the data can only be decrypted by the user who owns it, and only on their trusted devices. We are gravely disappointed that the protections provided by ADP will not be available to our customers in the UK given the continuing rise of data breaches and other threats to customer privacy. Enhancing the security of cloud storage with end-to-end encryption is more urgent than ever before. Apple remains committed to offering our users the highest level of security for their personal data and are hopeful that we will be able to do so in the future in the United Kingdom. As we have said many times before, we have never built a backdoor or master key to any of our products or services and we never will.”