Apple Removes ADP Security for Users in the UK

Apple is (partially) ceding to the UK government’s request to access iCloud data.

Earlier this month, news broke out that Britain had instructed iPhone maker Apple to create a backdoor to allow it to access users’ iCloud backups – for security reasons.

The stories rippled across the media. Security experts warned that if the order goes through, it will open the floodgates to similar actions by adversary nations, as well as state-sponsored hacks.

US lawmakers were up in arms over the alleged order, sending an urgent letter to the newly confirmed Director of National Intelligence Tulsi Gabbard to combat the UK’s order.

The UK government neither confirmed nor denied the claims, refusing to comment. As it turns out, the reports were almost indisputably true.

No more advanced protection for UK users

At the heart of the issue lies the Advanced Data Protection feature (ADP) which, if switched on, ensures that data stored in iCloud is protected by end-to-end encryption –not even Apple has the keys to access it, let alone hand it over to the authorities.

All that is about to change as Apple has issued a press statement confirming it is lifting ADP for UK users:

“Apple can no longer offer Advanced Data Protection (ADP) in the United Kingdom to new users and current UK users will eventually need to disable this security feature. ADP protects iCloud data with end-to-end encryption, which means the data can only be decrypted by the user who owns it, and only on their trusted devices. We are gravely disappointed that the protections provided by ADP will not be available to our customers in the UK given the continuing rise of data breaches and other threats to customer privacy. Enhancing the security of cloud storage with end-to-end encryption is more urgent than ever before. Apple remains committed to offering our users the highest level of security for their personal data and are hopeful that we will be able to do so in the future in the United Kingdom. As we have said many times before, we have never built a backdoor or master key to any of our products or services and we never will.”

What this means for UK residents

With ADP lifted, authorities can access certain categories of data upon request. These include iCloud Backup, iCloud Drive, Notes, Photos, Safari Bookmarks, Reminders, Voice Memos, Wallet Passes, and several other categories listed under standard protection, as outlined in this Support doc.

Importantly, Apple still protects categories like iCloud Keychain (i.e. passwords), iMessage, and Health data with default end-to-end encryption.

If you consider yourself at risk due to this order, you may consider turning off iCloud backups and perform a local backup for your Apple device, then store it offline on an external drive.

As we note in our recent guide – 10 Cyberthreats iPhone Users Can’t Afford to Ignore in 2025 – awareness is your best defense against threats not visible to the naked eye. Stay informed about cybersecurity matters to ensure you make the right decisions in the digital realm.