Apple pulls Advanced Data Protection in UK, sparking concerns

Apple dropped Advanced Data Protection, a key privacy feature that allows users to fully encrypt several cloud services including iCloud backup and iCloud drive, for U.K. users last week.

Two years ago, Apple launched Advanced Data Protection (ADP) to bolster cloud security with end-to-end encryption (E2EE). While the move garnered criticism from the FBI, infosec experts agreed it was a critical step for data security as breaches and risks to highly sensitive user data surge.

However, beginning last week, Apple pulled ADP for U.K. users only. The removal affects E2EE for several cloud services, including backup, drive and photos.

Friday's announcement follows a Washington Post story that said the U.K. government "demanded" backdoor access to all Apple user data. Though Apple did not give in to the demand, the tech giant subsequently disabled ADP. Now, privacy and security concerns among the infosec and tech communities are rising.

Apple sent the following statement to Informa TechTarget:

"Apple can no longer offer Advanced Data Protection (ADP) in the United Kingdom to new users, and current UK users will eventually need to disable this security feature. ADP protects iCloud data with end-to-end encryption, which means the data can only be decrypted by the user who owns it, and only on their trusted devices. We are gravely disappointed that the protections provided by ADP will not be available to our customers in the UK, given the continuing rise of data breaches and other threats to customer privacy. Enhancing the security of cloud storage with end-to-end encryption is more urgent than ever before. Apple remains committed to offering our users the highest level of security for their personal data, and is hopeful that we will be able to do so in the future in the United Kingdom. As we have said many times before, we have never built a backdoor or master key to any of our products or services, and we never will."

The launch of ADP helped provide users with full privacy and data control. Expanding E2EE to cloud services meant not even Apple could access users' encryption keys and, therefore, customer data. Additionally, it removed Apple's ability to hand over encrypted iCloud data to law enforcement.

The same level of security applies to disabling the feature. Apple apparently cannot disable ADP for users who have already added the feature. Therefore, such users will be required to remove it themselves at an unspecified time, with guidance from Apple.

Andrew Crocker, surveillance litigation director at the Electronic Frontier Foundation, expressed several concerns for U.K. users in a statement to Informa TechTarget:

"The UK government put Apple in an untenable position by demanding a backdoor in end-to-end encryption in iCloud for users everywhere in the world. Apple's decision to disable the feature for UK users could well be the only reasonable response at this point, but it leaves those people at the mercy of bad actors and deprives them of a key privacy-preserving technology," Crocker said in an email. "The UK has chosen to make its own citizens less safe and less free."

Access Now responded to the U.K. government's initial demand for access to all Apple user data in a post to X Feb 11.

We condemn the UK’s demand for access to (E2EE) data of any Apple user in the world. This is a global threat to privacy + security, making the UK an outlier in a digitally-driven world.

— Access Now (@accessnow) February 11, 2025

In a subsequent post to X, the nonprofit privacy advocacy organization urged the U.K. government to retract its demands and encouraged Apple to stand by its user privacy commitment.

Arielle Waldman is a news writer for Informa TechTarget covering enterprise security.