Apple has made waves by pulling Advanced Data Protection (ADP) for UK users, a move that has left many questioning what this means for their iCloud data and customer privacy. The decision follows pressure from the UK government, which sought access to encrypted data under the Investigatory Powers Act—a request that Apple has refused to comply with.
Rather than creating a backdoor or master key, Apple has decided to disable ADP automatically for existing users and prevent new users in the UK from enabling it. This change has sparked debates about data protection, user privacy, and the future of end-to-end encryption.
What is Apple’s Advanced Data Protection (ADP)?
Advanced Data Protection (ADP) is an opt-in security feature designed to offer the highest level of protection for iCloud data. It extends end-to-end encryption beyond iMessage, iCloud Keychain, health data, and payment information to iCloud backups, notes, voice memos, and more stored online.
Under ADP, not even Apple could access your protected data—only account holders had the key to decrypt it. The removal of this feature means that UK-based users now have fewer protections for their iCloud accounts and cloud storage.
Why did Apple remove ADP for UK users?
The UK government has been increasing its push for access to encrypted data through laws like the Investigatory Powers Act and potential updates through a Technical Capability Notice. This could require tech companies like Apple to provide government access to end-encrypted communications and stored data.
Apple remains committed to offering strong security and has refused to weaken encryption by implementing such access. Instead of complying with the request, Apple has chosen to no longer offer Advanced Data Protection to customers in the UK.
In a statement, Apple clarified that it has “never built a backdoor or master key to any of our products, and we never will.”
What does this mean for UK-based users?
If you had Advanced Data Protection ADP enabled before Apple’s announcement, you’ll still have access to it—for now. However, Apple has confirmed that it will disable ADP automatically for existing users at an unspecified future date. For new users, ADP is no longer an option in the United Kingdom.
Your iCloud Data without ADP:
- Standard encryption still applies to iCloud backups, voice memos, and stored online content, but Apple can access this data when required by law enforcement agencies.
- iMessage, FaceTime, Health data, iCloud Keychain, and passwords stored in iCloud remain end-to-end encrypted by default.
- Without ADP, data stored in iCloud Drive and iCloud backups is less secure compared to end-encryptedprotection.
Concerns from Cyber Security experts and tech firms
Cyber security experts and digital rights groups have voiced concerns that this decision could set a dangerous precedent. If Apple had complied, it could have weakened encryption not just for UK-based users, but globally.
Key concerns raised:
- Risk of data breaches: Weakening encryption makes protected data more vulnerable to other threats beyond just government access.
- Global impact: Other governments could follow the UK’s lead, pressuring tech firms to introduce similar backdoors.
- User privacy compromised: Removing ADP removes the highest level of security Apple has offered for iCloud data.
- A chilling effect on other companies that might now face pressure to reduce end encryption protections provided.
The Electronic Frontier Foundation told the Washington Post that this move could gravely disappoint privacy advocates, warning that opening one backdoor or master key could create vulnerabilities for other countries and bad actors.
What protections do Google and Android offer?
Apple isn’t the only company offering advanced security features for cloud storage. Google and Samsung have their own protections, though they vary in scope:
- Google encrypts data as it moves between devices and data centers, but Google Photos and Google Drive are not end-to-end encrypted.
- Google’s Advanced Protection Program offers enhanced security features, relying on passkeys for account holders.
- Samsung’s Enhanced Data Protection provides end-encrypted backups for messages, call logs, and settings on some Galaxy devices.
What’s next for data protection?
With the continuing rise of data breaches and cyber threats, the removal of Apple’s Advanced Data Protection (ADP) in the UK signals a critical moment for tech companies and customer privacy. While Apple remains committed to offering strong security, this move highlights the ongoing battle between government demands and user privacy protections.
For UK businesses and individuals, this shift serves as a reminder to take control of their own data security. Now, more than ever, it’s crucial to:
- Enable two-factor authentication (2FA) to add an extra layer of security.
- Use strong passwords and a password manager like iCloud Keychain or third-party alternatives for better protection.
- Stay informed about changes to data protection laws and security policies to adapt quickly.
- Review cloud storage security and consider additional encryption solutions to protect sensitive business data.
How Neuways can help
Apple has not confirmed when existing UK users of ADP will lose access, but businesses and Apple users should ideally prepare for this change now. Without ADP, companies and individuals must be proactive in securing sensitive data and reducing reliance on Apple’s built-in security.
At Neuways, we help businesses safeguard their IT systems, data, and infrastructure from emerging security threats. If you need expert advice on securing your business data, contact us today.
