For security reasons, you can’t turn on stronger iCloud encryption from a new device right away

Apple has a good reason to stop you from enabling enhanced iCloud encryption, called Advanced Data Protection, on a new device right away.

iPhone screenshot displaying the Advanced Data Protection splash screen in iOS 16.2
Advanced Data Protection brings end-to-end encryption to 9 additional iCloud services, including iCloud Backup, Notes and Photos | Image: Apple
  • What’s happening? Advanced Data Protection, Apple’s expanded end-to-end encryption for iCloud, cannot be immediately turned on from a brand-new device.
  • Why care? This delay actually protects your iCloud account and data.
  • What to do? Update to iOS 16.2 when it launches on December 12 or 13.

Why enhanced iCloud encryption comes with a delay

Apple announced major security upgrades for iCloud, among them an expansion of end-to-end encryption to device backups and data from apps like Photos and Notes.

The company is calling it Advanced Data Protection for iCloud, but governments are already opposing the feature because law enforcement can no longer use search warrants to compel Apple to decrypt a suspect’s data stored in iCloud.

Will Simon shared a screenshot on Twitter of the warning message that appears when you try to turn on enhanced iCloud encryption on a brand-new device.

“Because you recently added this device, you can’t turn on Advanced Data Protection until February 2, 2023,” it reads. Other social media users chimed in, saying they’ve seen deadlines ranging from late January to early February.

Joe Rossignol, MacRumors:

To protect users, Apple does not allow Advanced Data Protection to be enabled from a brand new device for an unspecified period after the device was first set up and added to a user’s Apple ID account.

“This wait time helps protect your account and data,” the prompt notes.

Users can still enable Advanced Data Protection from an older device they added to the same Apple ID account, such as another iPhone, iPad or Mac. In this case, all devices added to that Apple ID account are fully protected by the expanded end-to-end encryption for iCloud, including newer ones that are still in the waiting period.

According to Apple’s support document, Advanced Data Protection enables end-to-end encryption for almost all iCloud data categories except for iCloud Calendar, iCloud Contacts and iCloud Mail due to the need for these services to interoperate with the global calendar, contact and email systems.

How Advanced Data Protection works

Privacy advocates like Advanced Data Protection, calling it a move in the right direction. The FBI not so much—government spooks demand “lawful access by design” which sounds like some kind of a backdoor. With Advanced Data Protection turned on, your encryption keys stored on Apple’s servers are deleted.

This keeps your data unreadable to bad actors even if iCloud gets hacked, because the encryption keys reside on your device. Toggling Advanced Data Protection off securely uploads the encryption keys to Apple’s servers again.

Advanced Data Protection is available on iPhone, iPad and Mac after updating the device to iOS 16.2, iPadOS 16.2 and macOS Ventura 13.1, respectively.

The toggle in Settings → [your_name] → iCloud → Advanced Data Protection is off by default. When setting up Advanced Data Protection, you’ll need to define at least one recovery contact or create a recovery key.