Apple has discontinued its Advanced Data Protection (ADP) feature for UK users, removing a critical layer of end-to-end encryption (E2EE) from several cloud services including iCloud Backup, iCloud Drive, and Photos.
The decision, announced last Friday, comes following reports from The Washington Post that the UK government had “demanded” backdoor access to all Apple user data. While Apple did not accede to creating such backdoors, it has instead opted to disable the ADP feature entirely for UK customers.
Background on Advanced Data Protection
Apple introduced Advanced Data Protection two years ago as a robust privacy measure designed to enhance cloud security through end-to-end encryption. This technology ensures that only the user who owns the data, operating on their trusted devices, can decrypt and access their information.
Despite facing criticism from law enforcement agencies like the FBI, cybersecurity experts widely endorsed ADP as an essential safeguard at a time when data breaches and threats to sensitive user information continue to escalate. The feature effectively prevented even Apple itself from accessing users’ encryption keys, making it impossible for the company to hand over decrypted iCloud data to authorities.
According to Apple’s statement to Informa TechTarget, the company can “no longer offer Advanced Data Protection in the United Kingdom to new users, and current UK users will eventually need to disable this security feature.” The statement expressed Apple’s grave disappointment that these protections would no longer be available to UK customers.
Since Apple cannot remotely disable ADP for users who have already enabled it, these individuals will be required to remove the feature themselves at some point in the future. The company has indicated it will provide guidance on this process, though no specific timeline has been established.
Industry Reaction
The tech and information security communities have reacted with concern to this development. Andrew Crocker, surveillance litigation director at the Electronic Frontier Foundation, stated that “The UK government put Apple in an untenable position by demanding a backdoor in end-to-end encryption in iCloud for users everywhere in the world.”
Crocker added that while Apple’s decision might have been the only reasonable response under the circumstances, it “leaves those people at the mercy of bad actors and deprives them of a key privacy-preserving technology.” His assessment was blunt: “The UK has chosen to make its own citizens less safe and less free.”
The privacy advocacy organization Access Now has also spoken out, urging the UK government to withdraw its demands and encouraging Apple to maintain its commitment to user privacy.
In its statement, Apple reaffirmed its position against creating backdoors: “As we have said many times before, we have never built a backdoor or master key to any of our products or services, and we never will.”
The company emphasized that enhancing cloud storage security with end-to-end encryption “is more urgent than ever before” given the increasing prevalence of data breaches and other privacy threats. Apple expressed hope that it would be able to offer UK users the highest level of security for their personal data in the future.
This development represents a significant moment in the ongoing tension between technology companies’ privacy commitments and governments’ demands for access to user data. The UK’s pressure on Apple reflects similar efforts by governments worldwide to obtain access to encrypted communications in the name of national security and law enforcement.
Privacy advocates fear this could set a dangerous precedent, potentially encouraging other countries to make similar demands. There are also concerns about the security implications for UK users, who will now lack a layer of protection available to Apple customers in other regions.
For UK consumers, the immediate impact means their iCloud data will not have the same level of protection as users in other countries. While standard encryption remains in place, the removal of end-to-end encryption means Apple, and potentially, by legal compulsion, UK authorities—could gain access to this data.
