Quick Links
Summary
Advanced Data Protection secures your iCloud data with end-to-end encryption, using keys stored on local, trusted devices like your iPhone. You should only enable the feature if you’re confident you can restore access to this data with a recovery key or trusted contact should you lose access to your iCloud data.
Do you have important information iniCloudthat you want to keep private? Advanced Data Protection lets you do just that, but there’s more to turning the feature on than simply flipping a switch. Make sure you understand the implications of doing so before you proceed.
What Is Advanced Data Protection?
Advanced Data Protection is Apple’s name forend-to-end encryptionfor your iCloud data. End-to-end encryption means that data is encrypted when it leaves your device, stored in that encrypted format on Apple’s servers, then decrypted with the required key using trusted devices, like your iPhone. The big difference is that only you have the key to decrypt your data: Not even Apple has the key to access your data on its servers.
Standard data protection for these services encrypts data in transit, and on Apple’s servers, with the key required to decrypt and access that data also stored on Apple’s server. This remains the default setting. With Advanced Data Protection, decryption keys are stored offline on your trusted devices (including theiPhone,iPad, andMac).
Since this key is private, data cannot be decrypted even if someone else gets a hold of it. For example, even if Apple has a data breach and loses all the data it has on you, the thief wouldn’t be able to decrypt the data without your private key.
Related:What Is an Encryption Backdoor?
When data is stored in this manner, not even Apple can decrypt it. Since the keys required to decrypt the data are stored in a way that Apple doesn’t have access to them, Apple is unable to grant authorities, such as law enforcement agencies or the government, access to the data. Not even internal attacks by “rogue” Apple employees can reveal the contents of user data protected in this manner.
The feature has beendescribed as “deeply concerning” by the FBIwhile the Electronic Frontier Foundation issued astatementto “applaud Apple for listening to experts, child advocates, and users who want to protect their most sensitive data”—a demand previously outlined in theEFF’s Fix It Already campaign.
Should You Enable iCloud Advanced Data Protection?
If end-to-end encryption on your iCloud data protects you from having your data accessed, why wouldn’t you want to enable it right away? In fact, you might wonder why isn’t the feature enabled by default.
Enabling Advanced Data Protection affords your data better protection, but it also means that accessing your data depends on you having a recovery key or at least one trusted contact you can use if you lose access. Should you lose track of either of those things, you won’t be able torecover your dataat all. Apple won’t be able to assist you because Apple doesn’t have the decryption key.
You’ll be prompted to select your recovery assistance choices as part of the setup if you haven’t alreadyset up Account Recovery for your Apple ID.
You can do this under Settings > [Your Name] > Password & Security > Account Recovery. Use this menu to nominate contacts that you trust and a recovery key that you can keep safe and private. They’re your last resort for recovering your encrypted data if you lose access to trusted devices that are already signed in.
As long as you implicitly trust a nominated contact and can keep your key in a secure location (so that it remains accessible to you but not obvious to any attackers), you should have no trouble enabling Advanced Data Protection. If you’re concerned about either of these things, you might want to leave standard data protection enabled instead.
What’s (Not) Included?
Some iCloud data has been end-to-end encrypted for a while, including categories likeHealth, yourKeychain(which stores other login data), and payment information. With the arrival of Advanced Data Protection, nine additional categories are now covered, including:
With Advanced Data Protection enabled, the keys required to decrypt this data are stored on your device. The only iCloud services that still limit encryption to “in transit” and “on-server” with keys stored on Apple’s servers are:
Applestatesthat “iCloud Mail does not use end-to-end encryption because of the need to interoperate with the global email system” and that contacts and calendars “are built on industry standards (CalDAV and CardDAV) that do not provide built-in support for end-to-end encryption”.
Related:The Best Free Ways to Send Encrypted Email and Secure Messages
How to Enable Advanced Data Protection
If you’re happy that the benefits of Advanced Data Protection outweigh the risks of your data being irretrievable if you lose your recovery key (or your nominated contacts are unavailable), you’re able to enable it under the Settings menu.
Head to Settings > [Your Name] > iCloud > Advanced Data Protection. Tap “Turn On Advanced Data Protection” then follow the steps for enabling Account Recovery if you haven’t already done so. Keep your recovery key in a safe place.
To finalize the process, you’ll be asked to update certain devices that don’t currently support the feature. Tap on “Remove Devices in Settings” to enable the feature right now without applying the updates.
To remove a device, tap on it, then choose “Remove from Account” to proceed. The device will need to be updated and added to your account again to show up in the Settings app.
To disable the feature, head back to this menu and tap “Turn Off Advanced Data Protection” and your device will store the required keys locally instead.
Advanced Data Protection Coming Worldwide in 2023
Note that Advanced Data Protection is available withiOS 16.2and later. (iOS 16.2 was released on July 29, 2025.) You canupdate your iPhoneoriPadunder Settings > General > Software Update. Advanced Data Protection is rolling out in the US at first, with the feature coming to the rest of the world in early 2023.
There are other ways to protect your Apple devices and associated accounts. Make sure thattwo-factor authentication is enabled on your Apple ID, that you’reusing the most secure iPhone password, and that you’reapplying software updates even on outdated devices.
Check outour full list of iPhone security tipsfor more best practices.
Related:10 Easy Steps to Better iPhone and iPad Security
