Apple announces 3 new security features, including WhatsApp-like iMessage Contact Key Verification

Aside from iMessage Contact Key Verification, Apple has announced two other new security features coming in 2023 to protect your Apple ID account and iCloud data.

Young woman holding her gold iPhone XS in hands and typing on the touchscreen
One of the features was designed to let you verify that you’re communicating only with the intended recipient | Image: Paul Hanaoka / Unsplash
  • What’s happening? Apple has announced three new security features that it says will enable people to protect their most sensitive data and communications.
  • Why care? Better late than never! Rival platforms have had some of the features that Apple is bringing to its users for years now, like checking whether the recipient’s device might have been hacked.
  • What to do? Apple won’t release the new features to the public for some time, but you can learn as much about them now so you’re ready when they drop.

3 new security features coming to Apple products in 2023

Apple unveiled three new security features to improve the privacy of your iMessage exchanges, strengthen the security of your Apple ID and better protect your data in iCloud. The announcement published in the Apple Newsroom on December 7, 2022, outlines three new security features coming later in December 2022 and in early 2023 with iOS 16.2, iPadOS 16.2 and macOS 13.1:

  • iMessage Contact Key Verification
  • Security Keys for Apple ID
  • Advanced Data Protection for iCloud

Both the iMessage Contact Key Verification feature and Security Keys for Apple ID will launch globally in 2023, reveals the announcement.

As for Advanced Data Protection for iCloud, it’s currently available in the United States as a prerelease feature for members of the Apple Beta Software Program (you can apply for free using your existing Apple ID at beta.apple.com.

Advanced Data Protection for iCloud will launch publicly in the United States by the end of 2022, with a global rollout commencing in early 2023.

iMessage Contact Key Verification

iPhone screenshot showcasing the iMessage Contact Key Verification feature in iOS 16.2
iMessage Contact Key Verification is similar to WhatsApp | Image: Apple

You know how you can touch a security code at the bottom of chats in encrypted messaging apps like WhatsApp, Telegram and Signal to double-check that you’re chatting only with whom you intend?

iMessage Contact Key Verification is very much like that. Apple acknowledges that the vast majority of users “will never be targeted by highly sophisticated cyberattacks”, but that won’t be stopping regular users from taking advantage of it.

When turned on, iMessage Contact Key Verification will ping you if a rogue actor breaches iMessage servers and inserts their own device to eavesdrop on these encrypted communications. You’ll also be able to compare a Contact Verification Code in person on FaceTime or through another secure call.

Security Keys for Apple ID

iPhone screenshot showcasing authenticating Apple ID access with a hardware security key
Authenticating Apple ID access with a hardware security key | Image: Apple

You should secure your Apple ID account with two-factor authentication, which requires typing a one-time code after authenticating with your username and password on a new device. But soon, you’ll be able to authenticate accessing your Apple ID account with a wireless hardware security key.

NFC security keys such as the YubiKey from Yubico will work with this feature. This feature is going to prevent even an advanced attacker from obtaining a user’s second factor in a phishing scam, Apple claims.

Advanced Data Protection for iCloud

iPhone screenshot displaying the Advanced Data Protection splash screen in iOS 16.2
Advanced Data Protection brings end-to-end encryption to 9 additional iCloud services, including iCloud Backup, Notes and Photos | Image: Apple

The majority of your data stored in iCloud is protected by end-to-end encryption, meaning no one can read it without the encryption key which resides on your device but you. However, data from many Apple apps that get stored in iCloud still use weaker encryption, as acknowledged by Apple’s iCloud data security overview.

Turning on Advanced Data Protection in your iCloud settings will raise the number of data categories protected by end-to-end encryption from 14 to 23. For example, Notes data, your device backups stored in iCloud, Messages backups and your Photos libraries will be (finally!) end-to-end encrypted to prevent hacking.

Turning on Advanced Data Protection means Apple will no longer store the encryption keys on its servers. As a result of this, you’ll need your passcode, recovery contact or personal recovery key to restore this data. You’ll be asked to add at least one recovery contact or recovery key before turning the feature on. Disabling it will prompt the device to securely upload the encryption keys to Apple’s servers.

This feature doesn’t encompass sensitive data from Health and Maps as it’s already protected using end-to-end encryption. “The only major iCloud data categories that are not covered are iCloud Mail, Contacts, and Calendar because of the need to interoperate with the global email, contacts, and calendar systems,” Apple explains. Read: What is Mail Drop and how to use it on iPhone, Mac and PC

Additional resources

Apple has published a complete technical overview of the optional security enhancements offered by Advanced Data Protection in its Platform Security Guide on the web. On top of that, you may want to dive deep into the data breach research titled “The Rising Threat to Consumer Data in the Cloud” [PDF document] by Dr. Stuart Madnick, who is professor emeritus at MIT Sloan School of Management.

Apple also offers Lockdown Mode, a special security feature designed to protect high-value targets such as journalists, human rights activists and diplomats.