Apple will remove its highest level of data protection from UK iPhones after the British government reportedly demanded it have access to user data.
The feature, called Advanced Data Protection (ADP), end-to-end encrypts the majority of files uploaded to the cloud,which means only the user can access them.
It reported earlier this month that the government had issued an order under the Investigatory Powers Act 2016, asking for the ability to access fully encrypted files from Apple users.
The technology giant did not comment at the time, but has previously said on several occasions that it would never agree to creating a ‘back door’ into its systems as it could be exploited.
But now Apple has confirmed that it is ditching the tool in the UK. It will withdraw the feature as an option for those not already using it, and move existing users away from it.
In a statement, Apple said: ‘Apple can no longer offer Advanced Data Protection (ADP) in the United Kingdom to new users and current UK users will eventually need to disable this security feature.
‘ADP protects iCloud data with end-to-end encryption, which means the data can only be decrypted by the user who owns it, and only on their trusted devices.
‘We are gravely disappointed that the protections provided by ADP will not be available to our customers in the UK given the continuing rise of data breaches and other threats to customer privacy.
‘Enhancing the security of cloud storage with end-to-end encryption is more urgent than ever before. Apple remains committed to offering our users the highest level of security for their personal data and are hopeful that we will be able to do so in the future in the United Kingdom.
‘As we have said many times before, we have never built a backdoor or master key to any of our products or services and we never will.’
The statement explained that 14 types of data that can be stored on its iCloud service will still be end-to-end encrypted, including health data, and communication tools such as iMessage and FaceTime.
But one expert warned the decision meant UK users would now be more at risk from cyber threats.
Dray Agha, senior manager of security operations at cybersecurity firm Huntress said: ‘Apple’s decision to pull Advanced Data Protection in the UK is a direct response to increasing Government demands for access to encrypted user data.
‘Weakening encryption not only makes UK users more vulnerable to cyber threats but also sets a dangerous precedent for global privacy.
What does this mean for iPhone users?
Losing ADP won’t affect the 14 iCloud data categories that by default are end-to-end encrypted.
This includes communication tools like iMessage and FaceTime, the password management system iCloud Keychain and the Health app.
However, nine iCloud categories will now only be protected by Standard Data Protection, which does not have the option for end-to-end encryption.
They are iCloud Backup, iCloud Drive, Photos, Notes, Reminders, Safari Bookmarks, Siri Shortcuts, Voice Memos, Wallet Passes, and Freeform.
‘Governments argue this helps law enforcement, but history shows that any backdoor created for one party can eventually be exploited by bad actors.
‘The broader concern is that this move could pressure other companies to weaken their security, putting personal data worldwide at greater risk.’
A number of online safety charities, as well as police and security services around the world have long warned of the dangers of end-to-end encrypted services, arguing that they allow offenders such as terrorists and child abusers to hide more easily.
Rani Govender, policy manager for child safety online at the NSPCC said this was an opportunity for Apple and other firms to consider other ways of protecting users, particularly children.
‘We know that end-to-end encryption allows offenders to groom and manipulate children and build communities where they can share vile child sexual abuse material without detection,’ she said.
‘As Apple change their approach to encryption on their services, they must take this opportunity to ensure that they are considering other measures they can put in place to better protect children.
‘All tech companies should be finding ways to tackle online risks to children whilst upholding privacy of their users, and Ofcom and government should hold them accountable for doing so.’
Get in touch with our news team by emailing us at webnews@metro.co.uk.
For more stories like this, check our news page.
MORE: Apple has quietly discontinued two popular iPhones
MORE: iPhone and Android users warned hugely popular setting is draining their batteries
MORE: Apple release new iPhone 16e but there’s a major difference in latest model
