How to use Apple's Advanced Data Protection for iCloud

A rusty padlock
(Image credit: Michal Jarmoluk from Pixabay)

Advanced Data Protection is one of the most important new features to arrive on iCloud. Available with iOS 16.2, it adds further encryption to its cloud computing service. It comes at a similar time to Lockdown Mode, which you can find out more about in our how to enable Lockdown Mode on iPhone and iPad guide.

Here's a close look at how the new service works and how to set it up on the iPhone 14 Pro and other supported devices, including all the best iPhones and best iPads

What is Advanced Data Protection?

For years, Apple has been committed to providing industry-leading data security for its products and services. Much of this focus has been on iCloud, Cupertino's cloud computing and backup service. With Advanced Data Protection activated, Apple brings to 23 the number of sensitive data categories that use end-to-end encryption. In addition, it now includes iCloud Backup, Notes, and Photos. 

With the change, only iCloud Mail, Contacts, and Calendar are not covered by end-to-end encryption. Apple says this is because of "the need to interoperate with the global email, contacts, and calendar systems."

Advanced Data Protection is not turned on by default; e.g., it's an optional setting. When activated, iCloud data access is restricted to your trusted devices only. This means Apple and hackers alike can't decrypt your data.

What happens after activating Advanced Data Protection?

Apple explains in its Advanced Data Protection support document that your trusted device performs two actions once the service is turned on. First, communication is made between it and your other supported devices, indicating you want end-to-end encryption on iCloud. This process involves writing code into the iCloud Keychain. 

Second, it removes the previously installed iCloud authentication tools from Apple data centers. Apple notes this "deletion is immediate, permanent, and irrevocable." Once the removal, Apple can no longer access your iCloud data that are protected by end-to-end encryption. 

Finally, Apple contends, "After the service key rotation is successful, new data written to the service can't be decrypted with the old service key. It's protected with the new key which is controlled solely by the user's trusted devices, and was never available to Apple."

Advanced Data Protection requirements

There are important requirements for using Advanced Data Protection. These include: 

  • Two-factor authentication must already be activated.
  • You must be signed in to your Apple ID devices.
  • Each of your devices must be updated to at least iOS 16.2, iPadOS 16.2, macOS 13.1, tvOS 16.2, watchOS 9.2, and the latest version of iCloud for Windows.
  • Finally, you must set up at least one alternative recovery method. One or more recovery contacts or a recovery key. These are required to recover iCloud data if access is lost for whatever reason. 

Activating Advanced Data Protection

The optimal way to activate Advanced Data Protection is through an iPhone with iOS 16.2 or later installed. Here are the steps:

  1. Tap on the Settings app on your iPhone. 
  2. Choose your name at the top of the page. 
  3. Select iCloud.

To activate Advanced Data Protection, tap on the Settings app on your iPhone. Choose your name at the top of the page. Select iCloud.

(Image credit: iMore)

Next:

  1. Scroll down, and select Advanced Data Protection.
  2. Tap Turn On Advanced Data Protection.
  3. Choose Set Up Account Recovery.

To activate Advanced Data Protection, scroll down, select Advanced Data Protection. Tap Turn On Advanced Data Protection. Choose Set Up Account Recovery.

(Image credit: iMore)

You can either assign a recovery contact or create a recovery key. You'll need to keep track of your selection if you can no longer access your iCloud connection. 

To add a recovery contact on the active page: 

  1. Tap Add Recovery Contact.
  2. Choose Add Recovery Contact a second time.
  3. You can select a contact from your existing Apple Family list or add someone else. 

To activate Advanced Data Protection, tap Add Recovery Contact. Choose Add Recovery Contact a second time. You can select a contact from your existing Apple Family list or add someone else. Select Next.

(Image credit: iMore)

From there: 

  1. Tap Next at the top right.
  2. Choose Send. Once you do, the person on the other end will receive a text for which they must accept to become your recovery person. They too need to have a supported device to make the acceptance. 

If you rather create a recovery key, go back to Step 3 above, then: 

  1. Tap Recovery Key.
  2. Toggle on Recovery Key.
  3. Confirm your selection by tapping Use Recovery Key

To activate Advanced Data Protection, tap Recovery Key. Toggle on Recovery Key. Confirm your selection by tapping Use Recovery Key.

(Image credit: iMore)

From there: 

  1. Type your iPhone passcode.
  2. Make a note of the recovery key on the next screen and KEEP A PHYSICAL COPY SOMEWHERE SAFE. 
  3. Tap Continue.
  4. Manually type in the recovery key
  5. Tap Next.

That's it; your recovery key has been activated. Again, keep a physical copy of this key somewhere. Apple DOES NOT have a record of this. From now on, 23 sensitive data categories in iCloud will be protected through end-to-end encryption.

Turning off Advanced Data Protection

You can turn Advanced Data Protection off at any time by:

  1. Tap on the Settings app on your iPhone. 
  2. Choose your name at the top of the page. 
  3. Select iCloud.
  4. Scroll down, and select Advanced Data Protection.
  5. Tap Turn Off Advanced Data Protection. Follow the additional instructions. 

A good beginning

Advanced Data Protection is launching in the United States at the end of 2022. It will arrive in the rest of the world in early 2023. We'll update this post for whatever changes that may come between now and when Apple releases iOS 16.2 and other software updates in the coming weeks. 

Bryan M Wolfe
Staff Writer

Bryan M. Wolfe has written about technology for over a decade on various websites, including TechRadar, AppAdvice, and many more. Before this, he worked in the technology field across different industries, including healthcare and education. He’s currently iMore’s lead on all things Mac and macOS, although he also loves covering iPhone, iPad, and Apple Watch. Bryan enjoys watching his favorite sports teams, traveling, and driving around his teenage daughter to her latest stage show, audition, or school event in his spare time. He also keeps busy walking his black and white cocker spaniel, Izzy, and trying new coffees and liquid grapes.