What Apple pulling Advanced Data Protection means for you

Apple has made headlines by pulling its most advanced data security tool for UK customers.

It is removing Advanced Data Protection (ADP) after the Home Office asked for the right to be able to access data which it is applied to - something even Apple itself cannot currently do.

Rather than comply with that request, on Friday the tech giant said it would halt new UK sign-ups to the tool and remove existing user access at a later date.

The move has prompted criticism of the UK government's actions - but also confusion about what protections remain for UK Apple customers.

ADP is an opt-in data security tool designed to provide users of devices such as iPhones with a more secure way to protect data stored in their iCloud accounts.

Items including back-ups, photos, notes and voice memos are given standard encryption by default.

The company can be ordered to hand over this data by law enforcement.

ADP, meanwhile, applies an extra level of protection through what's known as end to end encryption, which means Apple cannot see or access the data - only the user can.

Because Apple does not have a key, losing access to your account can mean losing your data altogether.

It also means law enforcement agencies have no way of accessing such data either.

The tool is independent of the protections for blue messages sent with iMessage, passwords stored in iCloud keychain, Health app data and Facetime, which are end to end encrypted by default.

If you are in the UK and have not turned on ADP, you will not see a change to the way your data is protected as a result of Apple disabling it.

Your iCloud data will remain protected by standard encryption and, as before, can still be accessed by Apple.

But it does mean you now cannot apply to protect iCloud storage with end to end encryption, even if you want to.

Meanwhile, people in the UK who had ADP enabled prior to Friday's change will lose access to it a later date.

Apple has not said when, nor how many UK users will be affected.

Some experts have raised alarm over its removal, saying it will leave users less protected and also have wider, global consequences.

Graeme Stewart of cybersecurity firm Check Point said it would not mean "a complete free-for-all" as law enforcement must have a warrant to request iCloud data.

But he said other governments may look to replicate the UK's demand of Apple for a so-called "backdoor" to encrypted cloud data.

Cybersecurity experts have likened the idea of creating a backdoor to someone leaving their house keys under their doormat - essentially creating a vulnerability which anyone, including bad actors, can exploit.

Digital rights group the Electronic Frontier Foundation said that if Apple had complied with the request, it would have created a backdoor not just for UK users "but for people around the world, regardless of where they were or what citizenship they had".

Apple told the BBC in a statement that it had "never built a backdoor or master key to any of our products, and we never will".

Like Apple, Google says it uses standard encryption across a range of its services to protect data as it moves between users' devices, its services and data centres.

The search giant, which owns Android, has provided further protections for Android phone system back-ups since 2018.

It uses a mechanism that generates a random security key on a device, which is encrypted by a user's lock-screen passcode, pattern or pin.

Google says it cannot see this security key and that the passcode-protected information is sent securely to high security chips in its data centres.

But the same protections do not extend to Google Photos or content stored in Google Drive - which are not end to end encrypted.

It also has an Advanced Protection Program for people who want further security for their account.

This relies on using passkeys to verify the account holder.

Some Samsung Galaxy smartphones also have "enhanced data protection" which encrypts back-ups of messages, call logs, apps and settings and more end to end.