Today, Apple announced many new security measures to provide users with important tools to protect their most sensitive data and communications. While the Cupertino company will not make most of these features mandatory for users, it will give those at higher risk – such as journalists, human rights activists, and diplomats an extra layer of protection.
Three main features are being announced: iMessage Contact Key Verification, Security Keys, and Advanced Data Protection for iCloud. These functions will launch to all users globally in 2023, although US customers will have Advanced Data Protection by the end of this year.
This announcement comes a few months after Apple released the Lockdown Mode, which offers an extreme, optional level of security to some users who believe high-level hackers are tracking them.
“At Apple, we are unwavering in our commitment to provide our users with the best data security in the world. We constantly identify and mitigate emerging threats to their personal data on device and in the cloud,” said Craig Federighi, Apple’s senior vice president of Software Engineering. “Our security teams work tirelessly to keep users’ data safe, and with iMessage Contact Key Verification, Security Keys, and Advanced Data Protection for iCloud, users will have three powerful new tools to further protect their most sensitive data and communications.”
Starting with iMessage Contact Key Verification, users who face digital threats can choose to verify further that they are messaging only with the people they intend. According to Apple, conversations between users who have enabled iMessage Contact Key Verification receive automatic alerts if an exceptionally advanced adversary, such as a state-sponsored attacker, were ever to succeed in breaching cloud servers and inserting their device to eavesdrop on these encrypted communications.
Security Keys, for example, will give customers a choice to use third-party hardware security keys to enhance the protection of their iCloud data. Apple says this feature is designed for users who, often due to their public profile, face concerted threats to their online accounts, such as celebrities, journalists, and government members.
Last but not least, Advanced Data Protection for iCloud expands the number of categories featuring end-to-end encryption, such as Backup, Notes, and Photos. Previously, only 14 categories had E2E, and now, 23 have it. Currently, the only major iCloud data categories that are not covered are Mail, Contacts, and Calendar. Apple says this because they need to “interoperate with the global email, contacts, and calendar systems.”
“Advanced Data Protection is Apple’s highest level of cloud data security, giving users the choice to protect the vast majority of their most sensitive iCloud data with end-to-end encryption so that it can only be decrypted on their trusted devices,” said Ivan Krstić, Apple’s head of Security Engineering and Architecture.
To explain these features, WSJ‘s Joanna Stern interviewed Apple’s Craig Federighi, as you can watch here.