Apple pulls iCloud end-to-end encryption feature for UK users after government demanded backdoor

Apple confirmed Friday that it “can no longer” offer a security feature that allows users in the United Kingdom to encrypt their iCloud data. 

In a statement provided to TechCrunch, Apple spokesperson Fred Sainz said the company’s Advanced Data Protection feature will no longer be available to new users and current U.K. users “will eventually need to disable this security feature.”

“We are gravely disappointed that the protections provided by ADP will not be available to our customers in the U.K. given the continuing rise of data breaches and other threats to customer privacy,” the company said. 

“Enhancing the security of cloud storage with end-to-end encryption is more urgent than ever before,” the statement said.

The announcement comes after the U.K. government reportedly ordered Apple earlier this year to build a backdoor that would allow British authorities “blanket” access to users’ data stored on Apple’s cloud servers, even if it is end-to-end encrypted. This request, seen as unprecedented in a modern democracy, alarmed privacy and security experts, who argued that if the British government prevailed, the demand would set a precedent for authoritarian countries to follow.

Apple offers users the option to turn on end-to-end encrypted iCloud backups through Advanced Data Protection. This feature effectively makes it impossible for anyone, including Apple and government authorities, to view data stored in iCloud by users who have opted-in.

A spokesperson for the U.K. Home Office did not immediately respond to TechCrunch’s request for comment. 

Apple did not immediately say how the process of disabling ADP will work for users who had already turned it on before Friday. 

James Baker, who works for the U.K. digital rights organization Open Rights Group, said that “The Home Office’s actions have deprived millions of Britons from accessing a security feature. As a result, British citizens will be at higher risk of their personal data and family photos falling into the hands of criminals and predators.”

Apple said that some types of data, including health data, messages stored in iCloud, and payment information, which are end-to-end encrypted by default for all users, will not be affected by this change, and will remain encrypted for everyone. But U.K. users will not be able to opt-in to use end-to-end encryption for the other types of data, such as photos, notes, backups, and other data, which were encrypted under ADP.   

For those who already have ADP enabled, Apple said it will give customers more guidance soon, as well as a period of time to disable the feature to keep using iCloud.

ADP is unaffected for users outside of the United Kingdom, Apple said, and end-to-end encrypted communication services like FaceTime and iMessage are not affected, either.

“As we have said many times before, we have never built a backdoor or master key to any of our products or services and we never will,” Apple said, linking to its prior statements. 

BBC News reported that ADP stopped being an option for new users starting at 3 p.m. U.K. time on Friday. TechCrunch has also confirmed that ADP is no longer an option for new users in the United Kingdom.

Since the rise of encryption in the mid-1990s, governments worldwide have argued that this data-scrambling technology would allow criminals and terrorists to break the law while evading law enforcement. Over the years, authorities have always found a way, from accessing unencrypted backups to using spyware, to access data directly on people’s devices.  

“If you are not in the U.K., you should turn on ADP now,” Matthew Green, a cryptography expert and teacher at Johns Hopkins University, wrote on X in response to the news. 

“The more people who use it, the harder it will be to shut off this way,” said Green.

Clarified the forms of data protected under Advanced Data Protection in the ninth paragraph.

This story was updated to include the statement from James Baker.