Apple is making new efforts to increase user security. While the company has previously touted its overall privacy prowess, the new features are specifically meant to to safeguard iCloud accounts and iMessage.
Apple unveiled three major security features in an announcement published Wednesday. The first, iMessage Contact Key Verification, allows you to ensure that your messages are only visible to you and the given recipient. Security Keys for AppleID, meanwhile, can require the use of an external, physical security key to bolster iCloud’s two-factor authentication. Advanced Data Protection for iCloud can protect backed up data—texts, photos, and other personal data—with end-to-end encryption when activated.
“Our security teams work tirelessly to keep users’ data safe, and with iMessage Contact Key Verification, Security Keys, and Advanced Data Protection for iCloud, users will have three powerful new tools to further protect their most sensitive data and communications,” said Craig Federighi, Apple’s senior vice president of Software Engineering, in the company’s press release. The company is also scrapping a plan to scan users’ photos for child sexual abuse imagery.
Advanced Data Protection is available now for beta testers, and is expected to be available by the end of the year for U.S. users and next year for global users. iMessage Context Key Verification and Security Keys for Apple ID should be available globally in 2023. iMessage is already encrypted, meaning that Apple or law enforcement officers cannot read the contents of messages, but iCloud backups are not, allowing for law enforcement to access chat logs and other information by subpoenaing Apple for the backed up data.
Apple’s iMessage Contact Key Verification is targeting those with a platform that might be subject to digital threats and eavesdropping, whether by hostile states or rogue hackers, like journalists and government officials. Apple’s press release further explains that the feature will allow the two users communicating with each other to compare a Contact Verification Code to ensure the conversation is legit. The feature can also send a notification on iMessage when a strange device may be lurking.
Governments around the world have pressured Apple to allow for holes in its privacy practices in the name of law enforcement, and, according to The Washington Post, it delayed encrypting iCloud storage years ago after objections from the FBI. Government officials in the U.S. and beyond say that encryption facilitates the activities and communications of criminals like drug and human traffickers. The debate came to head in the notorious Apple vs. FBI federal court case over orders that would have compelled Apple to write software that would allow the government to break its own encryption to access the San Bernardino shooter’s phone.
The FBI issues a statement to the Wasington Post last night after the news broke, criticizing Apple’s new security features:
This hinders our ability to protect the American people from criminal acts ranging from cyber-attacks and violence against children to drug trafficking, organized crime, and terrorism,” the bureau said in an emailed statement. “In this age of cybersecurity and demands for ‘security by design,’ the FBI and law enforcement partners need ‘lawful access by design.’”
Security Keys relies on external hardware from a third party like Yubico’s NFC key, for two-factor authentication to further hinder hacking your iCloud account. Advanced Data Protection for iCloud is, per Ivan Krstić, head of Apple’s Security Engineering and Architecture, the company’s “highest level of cloud data security,” and will protect 23 different data categories like iCloud Backup, Notes, and Photos. Advanced Data Protection will not protect iCloud Mail, Contacts, and Calendar.
Update December 8 10:30 a.m. ET: This article was updated to include a statement from the FBI issued to the Washington Post.