X

How and Why You Should Enable Advanced Data Protection on Your iPhone, iPad and Mac

ADP gives you the highest level of encryption on your Apple devices. Here's how to turn it on.

Headshot of Jeff Carlson
Headshot of Jeff Carlson
Jeff Carlson Senior Writer
Jeff Carlson writes about mobile technology for CNET. He is also the author of dozens of how-to books covering a wide spectrum ranging from Apple devices and cameras to photo editing software and PalmPilots. He drinks a lot of coffee in Seattle.
Expertise mobile technology, apple devices, generative ai, photography
Jeff Carlson
4 min read
apple-security-keys-fbi-2151.jpg
CNET

If you live in the UK, the security of your data on Apple devices just took a hit. But if you're anywhere else, you can take steps to bolster your private information.

Tech Tips

Last week Apple took the unusual step of turning off its highest level of iCloud encryption, Advanced Data Protection, for customers in the UK. The British government has reportedly demanded that Apple provide a method for law enforcement to access encrypted data as part of criminal investigations. But that creates a serious security problem, because this type of backdoor access can also be exploited by criminals or untrustworthy governments.

For people in the UK, ADP can no longer be enabled. If you're currently using ADP, you'll need to turn off the feature at a future date.

If you're outside the UK and concerned about who can see your data, ADP adds an extra layer of security by making it unreadable even by Apple. If ADP is disabled, your data could be at risk because it can still be unlocked by Apple, a legal request or a data breach. 

Here's how to turn Advanced Data Protection on, and how it differs from the default iCloud encryption methods.

Watch this: I Made Things Weird Trying TSA's New Shoe Scanner Machine

How does Advanced Data Protection work?

The key difference between ADP and how Apple encrypts data by default is how accessible your information is when stored on Apple's servers.

In what Apple calls standard data protection, information sent between points, such as files stored on iCloud Drive and iCloud backups of your devices, is encrypted and transmitted securely. If someone intercepts that data between the two points, they'll see only gibberish.

That data remains encrypted when it's stored on Apple's servers, so you can access it from other devices, for instance. However, Apple can still access the encryption keys to unscramble and read the data -- and provide it to law enforcement following a legal request.

By contrast, when you enable Advanced Data Protection for iCloud, the data is end-to-end encrypted, meaning only your trusted devices possess the encryption keys to read it. The information remains encrypted on the servers, and not even Apple can access its contents. (Not all iCloud data can be end-to-end encrypted. Apple breaks out which types of information, such as iCloud Mail messages, that remain covered by standard data protection even when ADP is turned on.)

The UK's Investigatory Powers Act -- the "Snooper's Charter" -- makes that inaccessibility illegal, which is why Apple is turning the feature off for UK customers.

Some services are end-to-end encrypted regardless due to the sensitivity of the data, such as passwords, information stored in the Health app and payment information.

Make sure your account is set up for Advanced Data Protection

To set up ADP on your account, first make sure you've met all the prerequisites for the feature:

  • Your Apple Account must use two-factor authentication.
  • You must have a recovery method set up in case you lose access to your account. That can be a 28-character Recovery Key or a person you've designated as a Trusted Contact.
  • Every device connected with your Apple Account must be able to run at least iOS 16.2, iPadOS 16.2, MacOS 13.1, WatchOS 9.2, TVOS 16.2, or a HomePod running version 16.0. For Windows computers, make sure iCloud for Windows is at version 14.1 or later. If any of your devices don't qualify, you'll be warned during the ADP setup process. If any of those are too old or you no longer have access to them, tap Remove Devices in Settings and delete them from your list.
Two iPhone screenshots of the process of setting up ADP. At left is a list of incompatible devices on the Apple Account. At right is removing an original Apple Watch.

During the ADP setup process, you may need to first remove any incompatible devices in your iCloud settings.

 Screenshot by Jeff Carlson/CNET

Steps to set up Advanced Data Protection

To turn on ADP on an iPhone, iPad or Mac do the following:

1. Go to Settings > [Your Name] > iCloud. On a Mac, open System Settings > [Your Name] > iCloud.

2. Scroll down to Advanced Data Protection, which likely says Off, and tap that.

Two iPhone system screens showing iCloud options and the Advanced Data Protection feature turned off.

Set up ADP in your iCloud settings.

 Screenshot by Jeff Carlson/CNET

3. If there are any of the aforementioned impediments to setting up ADP, such as needing to update other devices on your account, you'll review them on the next screen.

4. In the following screen, tap Review Recovery Options. You need to have a Recovery Key, Recovery Contact or both to ensure that you can get your data if you lose access to your iCloud account.

5. Enter your device's passcode to finish.

Two iPhone screenshots showing the last steps to enable ADP: Review Recovery Methods and the final notification that ADP is on.

After you review your recovery methods, such as a Recovery Key or Recovery Contact, ADP is enabled.

 Screenshot by Jeff Carlson/CNET

Activating ADP on one device means it's on for all of your devices using the same Apple Account, so you only need to set it up once.

For more on securing your data and devices, see how to securely share a Wi-Fi password with Apple and Android devices and everything you need to know about Apple's new Passwords app.

CES 2025 Home Security Roundup: Upgrades for Locks, Doorbells and More

+2 More
See all photos