Apple has removed its Advanced Data Protection (ADP) feature for iCloud users in the United Kingdom following a confidential government order demanding a backdoor to encrypted cloud data.
The decision marks Apple's firm stance against compliance with the UK's sweeping surveillance law, the Investigatory Powers Act of 2016.
The move comes just one week after reports revealed that the UK had secretly ordered Apple to create a global encryption backdoor. That order, issued under a technical capability notice, legally compelled Apple to allow British security agencies unrestricted access to iCloud backups worldwide.
The company faced a choice: weaken encryption for all users or remove the feature in the UK entirely. Apple opted for the latter, a decision seen as a direct rebuke of the UK government's demand.
In its statement to Bloomberg, Apple expressed disappointment over the situation, saying, “We are gravely disappointed that the protections provided by ADP will not be available to our customers in the UK given the continuing rise of data breaches and other threats to customer privacy.” The company reaffirmed that it has never built a backdoor for any of its products or services and never will.
What this means for UK iCloud users
Advanced Data Protection, introduced in 2022, provides end-to-end encryption for a wide range of iCloud data, including:
- Device backups
- iCloud Drive files
- Photos
- Notes
- Reminders
- Messages backups
For users who have already enabled ADP, Apple has implemented a grace period before they are required to disable the feature to retain access to their iCloud accounts. The company has not disclosed how long this transition period will last but has promised further guidance. However, UK users attempting to activate ADP for the first time will now receive an error message stating that the feature is no longer available in their country.
Despite removing ADP, Apple is not stripping away all encryption. Core security protections, including end-to-end encryption for iMessage, FaceTime, passwords, and health data, remain intact. However, the loss of full encryption for iCloud backups means UK authorities may now have greater access to user data stored in Apple's cloud, assuming Apple complies with legal demands for access.
UK's expanding surveillance powers
The UK government's demand for a backdoor falls under the Investigatory Powers Act (IPA), often called the “Snoopers' Charter”, which grants British officials broad authority to compel tech companies to assist law enforcement in decrypting data. A technical capability notice issued under this law is secretive, meaning companies like Apple cannot legally disclose that they have received such an order.
The UK's demand was notable because it sought access not just to data stored in the UK, but globally. If Apple had complied, it would have had to build a backdoor affecting users in every country where iCloud operates, potentially setting a dangerous precedent for governments worldwide—including authoritarian regimes that could demand similar access.
This case echoes Apple's longstanding resistance to government-imposed security backdoors.
What's next?
Apple's decision to remove ADP from the UK reflects a compromise—ensuring compliance with UK law without weakening security worldwide. However, the UK government could still push for broader concessions, potentially leading to further restrictions on Apple's encryption policies or legal battles over compliance.
For UK users concerned about data privacy, alternatives include local device encryption (which remains unaffected) and third-party cloud storage solutions that offer end-to-end encryption outside the reach of UK authorities. Apple has not signaled any intention to pull iCloud services from the UK, but its firm rejection of a backdoor suggests it is willing to scale back security features rather than compromise encryption for all users.
Black Basta Ransomware Chats Leaked Exposing Internal Chaos
Leave a Reply