Introduction
On February 21, 2025 [5], Apple announced the discontinuation of its Advanced Data Protection (ADP) feature for new iPhone users in the United Kingdom. This decision was influenced by the UK government’s demand for a backdoor to access encrypted data under the Investigatory Powers Act of 2016, raising significant concerns about user privacy and data security.
Description
Apple announced on February 21, 2025 [3], that it will discontinue its Advanced Data Protection (ADP) feature for new iPhone users in the United Kingdom [2], following pressure from the UK government for a backdoor to access encrypted data under the Investigatory Powers Act of 2016. This feature [2] [6] [8], which previously provided end-to-end encryption (E2EE) for various categories of iCloud data, including iCloud Backup [4] [5] [9], iCloud Drive [4] [5] [9] [11], Photos [2] [3] [4] [5] [6] [9] [11], Notes [4] [5] [9], Reminders [4] [5] [9], Safari Bookmarks [4] [5] [9], Siri Shortcuts [4] [5] [9], Voice Memos [4] [5] [9], Wallet Passes [4] [5] [9], and Freeform [4] [5] [9], will no longer be available to new users [2] [5] [10]. Existing users who had opted into the service will need to disable it manually during a grace period to maintain access to their iCloud accounts.
Reports indicate that the UK government demanded Apple create a “back door” for law enforcement to access information uploaded by users worldwide [3], raising significant concerns over customer privacy and potential data breaches. Apple expressed disappointment over the inability to provide ADP in the UK [6], emphasizing that enhancing cloud storage security with E2EE is more critical than ever [10]. However, without the option for a backdoor, the company felt compelled to discontinue the service, resulting in the loss of the highest level of cloud data security for new users [10]. The removal of ADP means that standard encryption will be used instead [8], with Apple holding the decryption keys [8], making it easier for UK authorities to request user data [8].
While iCloud continues to offer E2EE by default for health data, passwords in the iCloud Keychain [2], and communications via iMessage and FaceTime [2], the removal of ADP affects additional services that will now be protected under standard data protection measures. These measures ensure that iCloud data is encrypted in transit and stored securely [9], allowing Apple to decrypt data when users sign in or recover their accounts [9]. Consequently, Apple may be able to access user data [7], including iMessages [7], in certain situations and share it with authorities if legally obligated [7], although this would still require a warrant [6].
Experts and digital rights advocates have raised concerns that this move could jeopardize data flows between the UK and the EU [13], potentially affecting the UK’s adequacy status with the EU and leading to additional compliance obligations for companies operating in Europe [13]. Privacy advocates have criticized the government’s actions as a significant threat to individual privacy [12], warning that it sets a dangerous precedent for other governments [12]. Security professionals caution that establishing a government backdoor for E2EE would compromise the security of all users and complicate the global landscape of data privacy and security. The NSPCC has called for a balance between user privacy and child safety [12], while other experts emphasize that encryption is essential for consumer privacy [12], highlighting the urgency of enhancing cloud storage security [12].
Apple remains committed to providing high levels of security for user data and has reiterated that it will not create a backdoor or master key for its products. The company hopes to restore data protections in the UK in the future [4], maintaining its stance against creating backdoors for government access [4]. Meanwhile, other tech companies [1] [6] [12], such as Google and Meta [6], continue to offer end-to-end encrypted backups in the UK [6], while ADP remains available outside the UK for users who have updated their devices and activated Apple’s Account Recovery features.
Conclusion
The discontinuation of Apple’s ADP feature in the UK underscores the tension between government demands for access to encrypted data and the tech industry’s commitment to user privacy. While Apple aims to maintain high security standards, the decision highlights potential risks to data privacy and international data flows. The situation calls for a balanced approach to privacy and security, with ongoing discussions about the implications for global data protection standards.
References
[1] https://news.sky.com/story/apple-removes-end-to-end-security-encryption-tool-for-uk-cloud-users-rather-than-renege-on-its-privacy-commitments-to-all-13314094
[2] https://apnews.com/article/apple-iphone-encryption-britain-cybersecurity-c5c37e99b3b9161dbed24231fbd94746
[3] https://www.straitstimes.com/tech/tech-news/apple-says-can-no-longer-offer-full-end-to-end-encryption-to-uk-users
[4] https://arstechnica.com/tech-policy/2025/02/apple-pulls-data-protection-tool-instead-of-caving-to-uk-demand-for-a-backdoor/
[5] https://www.techradar.com/computing/cyber-security/we-will-never-build-a-backdoor-apple-kills-its-iclouds-end-to-end-encryption-feature-in-the-uk
[6] https://www.theverge.com/news/617273/apple-removes-encryption-advanced-data-protection-adp-uk-spying-backdoor
[7] https://www.usatoday.com/story/money/business/2025/02/21/apple-discontinues-advanced-encryption-uk/79461250007/
[8] https://www.techspot.com/news/106879-apple-disables-end-end-encryption-uk-icloud-users.html
[9] https://9to5mac.com/2025/02/21/apple-end-to-end-encryption-uk/
[10] https://www.forbes.com/sites/davidphelan/2025/02/21/apple-warns-uk-iphone-owners-it-will-remove-encryption-protection/
[11] https://techcrunch.com/2025/02/21/apple-pulls-icloud-end-to-end-encryption-feature-for-uk-users-after-government-demanded-backdoor/
[12] https://www.bbc.co.uk/news/articles/cgj54eq4vejo
[13] https://www.infosecurity-magazine.com/news/experts-government-disastrous/
