Why You Should Enable Apple’s New Security Feature in iOS 16.2 Right Now
By Thorin Klosowski
Updated December 14, 2022
Save
Why You Should Enable Apple’s New Security Feature in iOS 16.2 Right Now
Photo: Michael Hession
New ∙ December 2022
FYI
We’ve added details about what happens if you cannot update all your Apple devices to the newest operating systems.
December 14, 2022
Apple just rolled out iOS 16.2, a software update that includes a key new feature called Advanced Data Protection for iCloud. That means you can finally enable end-to-end encryption for your iCloud backups so no one but you—not even Apple—can access your iCloud data.
The fact that iCloud backups haven’t offered the option of end-to-end encryption until now has long been a point of controversy. iCloud backups of the Messages app were of particular concern because Apple could still hand over certain types of data within the backups to law enforcement. In particular, although conversations in Messages (along with other more personal data types, like the data stored in the Health app) were end-to-end encrypted, backups of those conversations were not. That meant police could subpoena those backups and gain access to texts. A couple of years ago, rumors suggested that Apple had dropped a plan to encrypt backups after the FBI complained about it. But now that the feature is here, everyone should turn it on. Here’s why.
Encryption is a mathematical process that jumbles data in a way that makes it unreadable without a key. End-to-end encryption ensures that only you control that key. This protection allows for private communication between a sender and a receiver—in this case, you’re both—such that third parties can’t access the data. Once you enable Advanced Data Protection, not even Apple will have the key to decrypt your data—and therefore it will have no way to help you regain access if you lose it. End-to-end encryption is common in secure messaging apps like Signal, as well as in software that stores sensitive data, such as password managers.
Many people enable iCloud backups because their iPhone bothers them repeatedly to do so, and perhaps they haven’t thought through the implications. Prior to today, storing a complete backup of your device, including your private photos and files, on a server—where someone other than you has access to it—has meant entering a data-privacy minefield. Someone gaining access to that account, through a data breach or by other means, would have access to anything stored there. And the problem hasn’t been limited to iCloud: Startlingly few cloud storage companies, in fact, offer end-to-end encryption.
But now, if you own one or more Apple devices, you can now make sure that your backups, photo libraries, and iCloud Drive file are end-to-end encrypted.
How to turn on Advanced Data Protection
Advanced Data Protection is rolling out as part of the iOS 16.2 over-the-air software update in the US today. Other parts of the world will receive Advanced Data Protection in early 2023. Follow these steps:
Turn on two-factor authentication for your Apple ID if you haven’t done so already.
Update all your Apple devices to iOS 16.2, iPadOS 16.2, macOS 13.1, tvOS 16.2, watchOS 9.2, or newer. If your devices are older and don’t support the latest versions of Apple’s operating systems, you’ll have to remove them from your Apple ID in order to enable Advanced Data Protection. That means you won’t be able to log into your Apple account on that older device, in which case, you should probably not enable Advanced Data Protection until you upgrade to a newer Apple device.
On an iPhone or iPad, open Settings (or System Preferences on a Mac) > [Your name] > iCloud > Advanced Data Protection > Account Recovery. On this page you’ll see a choice of recovery methods. To use Advanced Data Protection, you must set up at least one of these two options (you can do both):
Designate a recovery contact, a trusted person from your contacts list who also owns an Apple device and whom you can easily reach out to in case you get locked out of your account. If you choose this method, you’ll send the recovery contact a message with a link that they will need to tap or click to accept. They’ll now have the key to help you unlock your account, but they won’t be able to unlock it on their own.
Set up a recovery key, a 28-character key that you can use to access your account in case you are locked out. Apple has no way to recover this key for you, so it’s important that you save it somewhere safe. If you choose this method, you’ll need to verify the key before you enable it, so write it down.
Head back to Settings > [Your name] > iCloud > Advanced Data Protection, tap Turn on Advanced Data Protection, and then follow the on-screen prompts. Here, you need to confirm your recovery contact or enter your recovery key one more time, followed by your device’s passcode. If you have any older devices that cannot be updated, you can remove them from the list at this point.
Aside from not being able to ask Apple to help you access your data, if you regularly access data or files from iCloud.com, web access is disabled by default when Advanced Data Protection is enabled. That means you can’t access anything there—however, you can hop into Settings > [Your name] > iCloud and tap Access iCloud Data on the Web to temporarily turn on access when you need it.
Enabling the new security feature is relatively simple, though it’s important to note that if you choose the recovery key option, you must secure your encryption key and make sure to store it somewhere safe. If you choose a recovery contact, make sure to stay in touch with that person. Otherwise, if you lose your device, your data could be completely gone.
What data gets protected (and what doesn’t)
Until this update, Apple provided end-to-end encryption for some of the most sensitive data stored in iCloud backups by default, including passwords, health data, and payment information. If you don’t turn on Advanced Data Protection, here are the data categories that are end-to-end encrypted by default, according to Apple’s list:
Passwords and Keychain
Health data
Home data
Messages in iCloud (but not iCloud backups)
Payment information
Apple Card transactions
Apple Maps (details such as favorites and search history)
QuickType Keyboard learned vocabulary
Safari (details such as history, tab groups, and iCloud tabs)
Screen Time
Siri information (details such as settings and personalization)
Wi-Fi passwords
W1 and H1 Bluetooth keys
Memoji
When you turn on the feature, nine more data categories are end-to-end encrypted:
iCloud backup
iCloud Drive
Photos, including photos in a Shared Library, if everyone in the Shared Library has Advanced Data Protection enabled
Notes
Reminders
Safari Bookmarks
Siri Shortcuts
Voice Memos
Wallet passes
Some data stored in iCloud still isn’t encrypted, notably iCloud Mail and some third-party data, because doing so would break certain functions. The affected categories are as follows:
iCloud Mail
Contacts
Calendars
Photos stored in Shared Albums and any file shared with “Anyone with a link”
Any document shared for iWork collaboration
Any third-party app data that doesn’t employ its own end-to-end encryption (though if the backups of those apps are stored in iCloud Backup, they will be end-to-end encrypted, and if an app stores data in iCloud Drive, it should be end-to-end encrypted, as well)
Some metadata and usage information (details such as the names of your devices, the sizes of files, and more, which is notable because recent reports suggest that Apple isn’t entirely transparent about the data it collects)
If you use any collaboration features for Files or Notes, end-to-end encryption is enabled only when you and all other parties have Advanced Data Protection enabled. So, if you are collaborating through a shared Notes or Reminder item and want that data secured with end-to-end encryption, make certain your collaborators enable the feature, too.
Setting up Advanced Data Protection is an important step, but it’s not the end of the story. In addition to the various steps everyone needs to take to secure themselves online, be sure to take a few fundamental steps to secure your phone, such as using a strong passcode.
This article was edited by Caitlin McGarry.
Don’t miss a deal this holiday season
Get shopping advice, our favorite gifts, and the best discounts on Wirecutter-approved picks straight to your inbox.
Opt out or contact us anytime. See our Privacy Policy.
About your guide
Thorin Klosowski
Thorin Klosowski
Thorin Klosowski is the editor of privacy and security topics at Wirecutter. He has been writing about technology for over a decade, with an emphasis on learning by doing—which is to say, breaking things as often as possible to see how they work. For better or worse, he applies that same DIY approach to his reporting.
Further reading
Back Up and Secure Your Digital Life
Back Up and Secure Your Digital Life
Every Step to Simple Online Security
Every Step to Simple Online Security
The Best Security Key for Multi-Factor Authentication
The Best Security Key for Multi-Factor Authentication
Simple Online Security: Secure Your Sensitive Data
Simple Online Security: Secure Your Sensitive Data
Wirecutter is the product recommendation service from The New York Times. Our journalists combine independent research with (occasionally) over-the-top testing to save people time, energy and money when making buying decisions. Whether it's finding great products or discovering helpful advice, we'll help you get it right (the first time).
About Wirecutter
Our team
Staff demographics
Jobs at Wirecutter
Contact us
How to pitch
Deals
Lists
Blog
Newsletters
Privacy Policy
Terms of Use
Cookie Policy
Partnerships & Advertising
Licensing & Reprints
RSS
© 2022 Wirecutter, Inc., A New York Times Company
Dismiss