Cyber Security

Apple Remove Advanced Data Protection for UK Users

by William
by William

In February 2025, Apple ceased offering its Advanced Data Protection (ADP) feature to users in the United Kingdom. This decision followed demands from the UK government for access to encrypted user data. The move has significant implications for user privacy and data security.

What is Advanced Data Protection (ADP)?

Advanced Data Protection is an optional feature introduced by Apple in 2022. It provides end-to-end encryption for various iCloud data categories, ensuring that only the user can access their data on trusted devices. Even Apple cannot decrypt this information.

The feature was a major step forward in digital security. It added extra protection for iCloud backups, messages, notes, and other stored data. Users who enabled ADP had more control over their information, reducing the risk of leaks and breaches.

Why Did Apple Remove ADP for UK Users?

The UK government, under the Investigatory Powers Act of 2016, issued a technical capability notice to Apple. This notice demanded that Apple create a backdoor to allow access to encrypted iCloud data. Complying would have compromised global user privacy. Instead, Apple chose to withdraw ADP from the UK market.

Government officials argue that stronger surveillance is needed to combat criminal activity and terrorism. However, privacy advocates believe that weakening encryption would expose ordinary users to hackers and cybercriminals.

How Does This Affect UK Users?

As of February 21, 2025, UK users can no longer enable Advanced Data Protection. Those who had previously activated the feature will need to disable it to continue using iCloud services. Without ADP, data such as iCloud backups, photos, and notes are no longer end-to-end encrypted, making them accessible to Apple and, potentially, to authorities if legally required.

Many users rely on Apple’s security features to protect their personal and professional data. The removal of ADP means that sensitive documents, private messages, and stored credentials may now be more vulnerable to government and third-party access.

What Data Remains Protected?

Despite the removal of ADP, certain data categories remain end-to-end encrypted by default. These include:

  • iCloud Keychain (passwords and credentials)
  • Health data
  • iMessage and FaceTime communications
  • Home data
  • Payment information and Apple Pay transactions

These categories continue to be protected, ensuring that only the user can access this sensitive information.

What Has Been the Response?

Apple expressed deep disappointment over the necessity to remove ADP in the UK, citing concerns over increasing data breaches and threats to customer privacy. Privacy advocates argue that the UK’s demand undermines user security and sets a dangerous precedent. Conversely, UK officials maintain that access to encrypted data is essential for national security and crime prevention.

Digital rights organisations have criticised the move, stating that it could lead to increased government surveillance. Meanwhile, cybersecurity experts warn that a weakened encryption policy may expose UK users to more data breaches and cyberattacks.

What Are the Broader Implications?

This situation highlights the ongoing tension between tech companies prioritising user privacy and governments seeking access for security purposes. The outcome may influence future policies on encryption and data access, potentially affecting users beyond the UK.

If Apple had complied with UK government demands, it could have set a precedent for other countries to request similar access. By refusing, Apple is taking a stand for global data privacy but at the cost of limiting security features in certain regions.

How Can UK Users Protect Their Data?

Without ADP, UK users may consider alternative measures to enhance data security:

  • Regularly update devices to the latest software versions.
  • Use strong, unique passwords and enable two-factor authentication.
  • Be cautious of phishing attempts and unsolicited communications.
  • Consider third-party encryption tools for sensitive data.
  • Store critical data locally on encrypted external drives rather than iCloud.

Staying informed about security practices can help users safeguard their personal information.

Could Apple Reverse This Decision?

For now, Apple’s decision appears firm. However, changes in UK legislation or public pressure could lead to a reassessment in the future. If lawmakers ease encryption demands, Apple might reintroduce ADP for UK users.

Tech companies and privacy groups are lobbying against government interference in encryption. If their efforts succeed, this could influence how data protection laws develop in the UK and beyond.

Is There an Alternative to iCloud?

Users who rely on secure cloud storage may consider alternative services that offer end-to-end encryption. Some options include:

  • Proton Drive – Provides zero-access encryption for files.
  • Sync.com – Offers client-side encryption and privacy-focused policies.
  • NordLocker – Provides secure cloud storage with strong encryption.
  • MEGA – Focuses on privacy with encrypted file storage.

These services offer different levels of protection, allowing users to choose the best fit for their needs.

Conclusion

Apple’s removal of Advanced Data Protection for UK users underscores the complex balance between user privacy and governmental access. As the debate continues, users must remain vigilant and proactive in protecting their data. Alternative security measures and encrypted storage solutions can help fill the gap left by ADP’s removal.

Going forward, the battle between privacy advocates and government agencies is unlikely to end soon. The decision in the UK could shape future discussions on encryption, digital rights, and user security worldwide.

For businesses and individuals concerned about cybersecurity risks, penetration testing is a key defence. Aardwolf Security offers expert penetration testing services to identify vulnerabilities and strengthen your digital defences. Contact us today to secure your systems against threats.

William is a seasoned cybersecurity professional with over a decade of experience in the realm of penetration testing. Having conducted hundreds of penetration tests for a diverse range of industries, Wiliam's expertise lies in identifying vulnerabilities and fortifying defences before they can be exploited by malicious actors. His meticulous approach to each penetration test ensures that clients receive comprehensive insights into their security posture, allowing them to make informed decisions about safeguarding their digital assets. Passionate about staying ahead of the ever-evolving threat landscape, William continuously updates his skills and methodologies to ensure that every penetration test he conducts meets the highest standards of thoroughness and accuracy. His dedication to the craft has not only protected countless organisations from potential breaches but has also solidified his reputation as a senior expert in penetration testing.

You may also like

Firefox Users Are Worried About the Latest Data Privacy Update

The Infamous (ILOVEYOU) Love Letter Worm From 2K

Race Condition Penetration Testing

Why a Well-Written Penetration Testing Report is Essential

Cryptocurrency Security: Protecting Your Digital Assets

CrowdStrike Incident: Everything You Need to Know

Understanding Open Source Intelligence & Its Impact Today

Windows Desktop Breakout

Understanding CREST Penetration Testing With Aardwolf Security

Top 10 Vulnerability Scanning Tools in 2023