Why You Should Enable Apple’s New iOS 16.2 Security Feature

We’ve added details about what happens if you cannot update all your Apple devices to the newest operating systems, and clarified previous reporting about Apple's encryption plans.

Apple just rolled out iOS 16.2, a software update that includes a key new feature called Advanced Data Protection for iCloud. That means you can finally enable end-to-end encryption for your iCloud backups so no one but you—not even Apple—can access your iCloud data.

The fact that iCloud backups haven't offered the option of end-to-end encryption until now has long been a point of controversy. iCloud backups of the Messages app were of particular concern because Apple could still hand over certain types of data within the backups to law enforcement. In particular, although conversations in Messages (along with other more personal data types, like the data stored in the Health app) were end-to-end encrypted, backups of those conversations were not. That meant police could subpoena those backups and gain access to texts. A couple of years ago, Reuter's reported that Apple had dropped a plan to encrypt backups after the FBI complained about it. But now that the feature is here, everyone should turn it on. Here's why.

Encryption is a mathematical process that jumbles data in a way that makes it unreadable without a key. End-to-end encryption ensures that only you control that key. This protection allows for private communication between a sender and a receiver—in this case, you’re both—such that third parties can't access the data. Once you enable Advanced Data Protection, not even Apple will have the key to decrypt your data—and therefore it will have no way to help you regain access if you lose it. End-to-end encryption is common in secure messaging apps like Signal, as well as in software that stores sensitive data, such as password managers.

Many people enable iCloud backups because their iPhone bothers them repeatedly to do so, and perhaps they haven't thought through the implications. Prior to today, storing a complete backup of your device, including your private photos and files, on a server—where someone other than you has access to it—has meant entering a data-privacy minefield. Someone gaining access to that account, through a data breach or by other means, would have access to anything stored there. And the problem hasn't been limited to iCloud: Startlingly few cloud storage companies, in fact, offer end-to-end encryption.

But now, if you own one or more Apple devices, you can now make sure that your backups, photo libraries, and iCloud Drive file are end-to-end encrypted.

Advanced Data Protection is rolling out as part of the iOS 16.2 over-the-air software update in the US today. Other parts of the world will receive Advanced Data Protection in early 2023. Follow these steps:

Aside from not being able to ask Apple to help you access your data, if you regularly access data or files from iCloud.com, web access is disabled by default when Advanced Data Protection is enabled. That means you can't access anything there—however, you can hop into Settings > [Your name] > iCloud and tap Access iCloud Data on the Web to temporarily turn on access when you need it.

Enabling the new security feature is relatively simple, though it's important to note that if you choose the recovery key option, you must secure your encryption key and make sure to store it somewhere safe. If you choose a recovery contact, make sure to stay in touch with that person. Otherwise, if you lose your device, your data could be completely gone.

Until this update, Apple provided end-to-end encryption for some of the most sensitive data stored in iCloud backups by default, including passwords, health data, and payment information. If you don't turn on Advanced Data Protection, here are the data categories that are end-to-end encrypted by default, according to Apple's list:

When you turn on the feature, nine more data categories are end-to-end encrypted:

Some data stored in iCloud still isn't encrypted, notably iCloud Mail and some third-party data, because doing so would break certain functions. The affected categories are as follows:

If you use any collaboration features for Files or Notes, end-to-end encryption is enabled only when you and all other parties have Advanced Data Protection enabled. So, if you are collaborating through a shared Notes or Reminder item and want that data secured with end-to-end encryption, make certain your collaborators enable the feature, too.

Setting up Advanced Data Protection is an important step, but it's not the end of the story. In addition to the various steps everyone needs to take to secure themselves online, be sure to take a few fundamental steps to secure your phone, such as using a strong passcode.

This article was edited by Caitlin McGarry.

Thorin Klosowski

Thorin Klosowski is the former editor of privacy and security topics at Wirecutter. He has been writing about technology for over a decade, with an emphasis on learning by doing—which is to say, breaking things as often as possible to see how they work. For better or worse, he applies that same DIY approach to his reporting.

by Haley Perry

From password managers to backup software, here are the apps and services everyone needs to protect themselves from security breaches and data loss.

by Thorin Klosowski

Online security is for everyone. Our simple and affordable tips will show you how to drastically reduce your risks online.

by Yael Grauer and Thorin Klosowski

A physical security key is the most secure way to enable two-factor authentication. Here's our pick for the best hardware security key.

by Thorin Klosowski

Health and financial data is particularly sensitive, and a few tips will help you keep it more secure online.