A month ago, Apple confirmed that it would soon start encrypting iCloud Mail traffic in transit.
As Google’s Transparency Report noted at the time, Apple and several major email providers did not properly encrypt email messages sent and received from other providers like Gmail and Yahoo, creating security concerns.
Although Apple only encrypts emails sent between its own iCloud customers, the company appears to have stepped up iCloud Mail security and is now finally protecting your emails from eavesdropping as they travel between various third-party email service providers using end-to-end encryption…
For example, Gmail now encrypts all emails in transit to iCloud. According to Jordan Kahn of 9to5Mac, this change affects users of me.com and mac.com email addresses, as evidenced by Google’s updated Transparency Report website.
German-language Heise.de [Google translate] cautions that Apple’s method of encryption might not be as secure as previously hoped. It appears that Apple is using a version of the RC4 encryption algorithm called RC4-128, thought to be far weaker than the AES-128 algorithm.
Apple has not yet officially commented on the change, but we’ll update the article should the company issue a statement.