Apple has disabled its highest-level data security tool, Advanced Data Protection (ADP), for UK users after the government requested access to encrypted data.
ADP provides end-to-end encryption that ensures only account holders can access their iCloud files. Apple’s opt-in ADP, available to users upon registration, was deactivated in the UK last Friday.
Early last week, the British Home Office, under the Investigatory Powers Act (IPA), asked for access to this data.
The UK law, enacted in 2016, provides a legal framework for the use and oversight of investigatory powers by law enforcement and intelligence agencies, with key features including interception of communications, communications data and bulk data collection.
Apple, which opposes encryption backdoors, chose to remove ADP in the UK rather than comply with the request.
The tech giant said in a statement: ”As we have said many times before, we have never built a backdoor or master key to any of our products, and we never will.”
It added: “Enhancing the security of cloud storage with end-to-end-encryption is more urgent than ever before. Apple remains committed to offering our users the highest level of security for their personal data and are hopeful that we will be able to do so in future in the UK.”
With the removal of the security measure, Apple will now be able to access the stored files and share them with law enforcement upon request, although such disclosure will still require a legal warrant.
ADP provided end-to-end encryption for iCloud backups, photos, notes and other files, making them accessible only on users’ devices.
The UK government claims that such security measures hamper efforts to investigate serious crimes, including terrorism and child exploitation.
Child safety groups, including the NSPCC, told the BBC that encryption hampers efforts to combat online abuse by placing barriers in the way of preventive actions such as child pornography sharing identification (CSAM).
This decision adds to growing tensions between governments and technology companies over privacy and regulation.
Last week, Will Cathcart, head of WhatsApp, expressed his concerns in a post on X, in which he said: “If the UK imposes a global backdoor into Apple’s security, it will make everyone in every country less safe. One country’s secret order risks endangering all of us and must be stopped.”
Several cyber security experts have also criticised the move, warning that the measure weakens the privacy of British users.
David Ruiz, senior privacy advocate at cybersecurity specialist Malwarebytes said that it is difficult to call the news “anything other than a disaster,” adding that the loss of end-to-end encryption for cloud storage leaves users less secure and private, with global consequences tipping the consequences into far worse territory.
“Security officials asked not only that Apple allow the UK government access to UK residents’ encrypted cloud storage, but that the UK government get access to any Apple user’s encrypted cloud storage,” he said. “To demand access to the world’s data is such a brazen, imperialist manoeuvre that I’m surprised it hasn’t come from, well, honestly, the US.”
He added that the move could embolden other countries to make a similar demand of Apple.
Prof Alan Woodward, cyber-security expert at Surrey University told the BBC: “All the UK government has achieved is to weaken online security and privacy for UK based users.”
Online privacy expert Caro Robson called Apple’s move “unprecedented”.
He told the BBC: “It would be a very, very worrying precedent if other communications operators felt they simply could withdraw products and not be held accountable by governments.”
