Apple’s iCloud Encryption Rollback in the UK: What It Means for You, No Matter Where You Live

By Kevin | Comments Off on Apple’s iCloud Encryption Rollback in the UK: What It Means for You, No Matter Where You Live
Image by meineresterampe from Pixabay
Image by meineresterampe from Pixabay

In response to the UK demanding backdoor access to iCloud, Apple has officially removed Advanced Data Protection (ADP) in the UK. This means iCloud backups and other key data types are no longer protected with end-to-end encryption in the UK. This move confirms that Apple likely received a formal request from the UK government to comply with its surveillance demands.

Why This Matters

The latest episode of the MacBreak Weekly podcast discussed this situation in great detail. Simply put, the UK law demands access to anyone's data in the cloud, anywhere in the world, at their request.

By disabling ADP, Apple has made iCloud backups in the UK accessible to authorities through legal requests. The good news—if there is any—is that access still requires a court order rather than a hidden backdoor.

“This means that although it's a step backwards because now end-to-end encryption in iCloud backups is no longer an option for anybody in the UK, it does mean that if they want to get access to the iCloud data, they have to go through the courts. They have to basically show the paperwork to Apple and put a request in—it’s no longer a secret.” — Andy Ihnatko

Did Apple Cave?

Some see this as Apple giving in, while others believe it’s a strategic way to avoid worse consequences.

Jason Snell explained:

“If Apple had caved, truly caved, what Apple would have done is not said anything and inserted a key that they control so [the UK] could read everybody’s data. Because that's what the UK law demands.”

For now, Apple has NOT enabled government access to user data, but they are still responding to UK legal demands.

“Now I think it's pretty clear that this does not answer the UK's request because they wanted access to everybody's stuff, worldwide. It just means that, you know, they're still doing business in the UK, which means presumably they still have to respond to UK requests.” — Jason Snell

This also sends a strong message to the UK government:

“It makes it, as Andy pointed out, a hell of a canary [in a coal mine] if they ever change that. But I'd say they know what they're getting into when they make a statement like that, and I think that that is them saying to the UK government, you know, try us if you want to push this further.” — Jason Snell

However, not everyone sees this as a win for Apple.

“We'd like Apple to turn off ADP in the U.S. as well. I think that's inevitable... This is a victory for the UK, not Apple. This is Apple caving in.” — Leo Laporte

The iCloud Backup Loophole

One of the biggest vulnerabilities in Apple’s security model has always been iCloud backups. While Apple promotes end-to-end encryption for messages and other data, iCloud backups include the encryption keys for those messages—making them accessible by Apple under the right circumstances, such as a government subpoena.

“If you do an iCloud backup, your messages are available [to Apple]. And that's the hole for all of this—iCloud backup. Apple keeps the key so that if you lose your device and you don't know your password, Apple can reset and give you access to your stuff.” — Leo Laporte

How Encryption Works in Backups

Upon further research, I found that Apple does NOT provide an option to back up locally encrypted data from your computer to iCloud (Apple Support).

  • When you back up your iPhone to iCloud, Apple holds the encryption keys, allowing access to your data if necessary.
  • In contrast, when you create an encrypted backup on your local computer, only you possess the encryption key, and Apple cannot access this data (Apple Support).

What Can You Do to Protect Your Data?

If you don't want to risk Apple being subpoenaed to provide your account data under any circumstances, stop using iCloud backups.

“Now I should also say for people who really want this to be private and don't want Apple to have it, you can do a computer backup of your phone that is encrypted—that you control and Apple doesn't have the key to. But if you want to do a cloud backup on Apple servers, all of that stuff is subpoena-able, basically.” — Leo Laporte

To keep your data as secure as possible:

  1. Turn off iCloud Backup – Use local backups on a Mac or PC instead.
  2. Encrypt local backups – This ensures only you have access to your data.
  3. Use end-to-end encrypted messaging apps – Apps like Signal or WhatsApp provide strong encryption without storing backup keys on a cloud service.
  4. Be mindful of cloud storage – If you're dealing with sensitive data, avoid cloud storage altogether.

“If you're doing anything sensitive, you should not be using iCloud. Like, and that's been the rule. You shouldn't be putting things in the cloud if you are doing sensitive things.” — Alex Lindsay

The Bigger Picture

While this change only applies to the UK for now, it raises concerns about whether Apple could remove ADP in other regions under similar pressure. The UK government didn’t get everything it wanted—Apple didn’t secretly insert a backdoor—but this still weakens user privacy in one of the world's most powerful tech markets.

Posted in Blog, Tech News and tagged , ,