In February 2025, the UK government did something that privacy advocates had warned about for years: it secretly ordered Apple to build a backdoor into the encrypted iCloud storage of its users. Apple refused. Instead of compromising the encryption that protects billions of devices worldwide, Apple removed Advanced Data Protection entirely for UK users. Over a year later, UK iPhone users still cannot turn on ADP. Their photos, backups, notes, and messages in iCloud are encrypted by Apple — meaning Apple holds the keys and can be compelled to hand over the data.

This is the story of how one government's secret demand broke encryption for millions — and why it matters for everyone, not just in the UK.

The Secret Demand

In early 2025, the UK government served Apple with a Technical Capability Notice (TCN) under the Investigatory Powers Act 2016 — the so-called "Snooper's Charter." The notice demanded that Apple build a backdoor into Advanced Data Protection, its optional end-to-end encryption feature for iCloud data.

A TCN is a secret order. Apple was legally prohibited from disclosing its existence to the public. The Washington Post broke the story on February 7, 2025, citing sources familiar with the matter. Apple could not confirm it publicly because of the gag order.

The demand was unprecedented in scope. The UK wasn't asking for access to a specific user's data under a warrant. It was asking Apple to redesign its encryption architecture so that the UK government could access any user's encrypted data at any time.

Apple's Choice: Backdoor or Withdraw

Apple faced an impossible choice: comply and undermine the security of every Apple user worldwide, or refuse and leave UK users without their strongest privacy protection.

Apple chose to withdraw ADP from the UK. In a statement, the company said it was "deeply disappointed" and that ADP had been designed to protect users from "the most sophisticated threats, including those from government agencies."
The logic was straightforward: Apple builds one operating system for the entire world. A backdoor built for the UK would exist in every iPhone. A vulnerability accessible to UK authorities would be accessible to every government, every intelligence agency, and every hacker who discovered it.

This was the same calculus Apple applied in 2016 when the FBI demanded it create a custom iOS version to unlock the San Bernardino shooter's iPhone. Apple refused then, and it refused now. But there's a key difference: in 2016, Apple won the public battle and the FBI withdrew its demand. In 2025, Apple lost the practical outcome. UK users still don't have ADP.

What Advanced Data Protection Actually Does

To understand what UK users lost, you need to understand what ADP provides.

Standard iCloud encryption works like this: your data is encrypted on Apple's servers, and Apple holds the decryption keys. This protects your data from external hackers but not from Apple itself — or from any government that compels Apple to hand over data.

Advanced Data Protection changes the model: the encryption keys are stored only on your trusted devices — your iPhone, iPad, and Mac. Apple does not hold the keys. Apple cannot decrypt your data, even if a government orders it to.

ADP covers 23 data categories including:

- iCloud Backup — your entire device backup
- Photos and Videos — your camera roll
- iCloud Drive — all your documents
- Notes — personal and work notes
- Messages in iCloud — your iMessage and SMS history
- Wallet passes, Health data, Safari bookmarks, and more

Without ADP, all of this data can be accessed by Apple and handed to law enforcement with a valid legal order. With ADP, Apple literally cannot comply — because it doesn't have the keys.

This is the protection that the UK government demanded Apple break. And when Apple refused, 30+ million UK iPhone users lost it.

The Gag Order Problem

The Investigatory Powers Act gives the UK government extraordinary secrecy powers.
A Technical Capability Notice comes with an automatic gag provision — the recipient cannot disclose its existence to anyone, including their users.

This means that if the UK government orders a company to build a surveillance backdoor, the public will never know. There is no requirement for transparency, no public debate, and no judicial oversight of the secrecy itself.

The Washington Post's reporting broke the story, but Apple could not confirm it. The company could only say that it was "deeply disappointed" by a decision it could not publicly identify.

This is the same framework that Canada's Bill C-22 would import. C-22 includes similar gag orders for surveillance capability demands. If it passes, Canadians could have backdoors built into their apps and never know about it.

Secret surveillance orders with no transparency are incompatible with democratic accountability. You cannot consent to surveillance you don't know about.

Why This Affects Everyone — Not Just the UK

The UK ADP case has global implications for three reasons:

Apple builds one OS worldwide. A backdoor built for the UK would exist in every iPhone, everywhere. The UK government was effectively demanding that Apple compromise the security of its 2+ billion active devices worldwide — including devices used by dissidents in authoritarian countries, journalists in conflict zones, and ordinary citizens everywhere.

The Salt Typhoon precedent. In 2024, Chinese state-sponsored hackers exploited the CALEA lawful access infrastructure in US telecom networks — the system built specifically for law enforcement access. Building a door for the "good guys" inevitably creates a door for everyone.

The Five Eyes copy-paste effect. The UK, US, Canada, Australia, and New Zealand share intelligence capabilities through the Five Eyes alliance. When one country successfully demands a backdoor, the others follow. Canada's Bill C-22 would give the Canadian government powers nearly identical to those used in the UK.
The EU's Chat Control proposal takes the same approach at a continental scale.

The UK was the test case. If the demand stands — if Apple never restores ADP — every government with similar legislation will make the same demand.

The Global Playbook

The UK Apple ADP case is part of a coordinated international strategy to undermine encryption:

- UK — Used the Investigatory Powers Act to demand Apple backdoor access. Apple withdrew ADP. Feature still not restored.
- Canada — Bill C-22 would give the Minister of Public Safety the power to issue Technical Capability Notices, exactly like the UK's TCNs, including gag provisions.
- EU — The Chat Control proposal would mandate client-side scanning of encrypted messages. While the latest vote failed, the file remains open and returns under each new Council Presidency.
- Australia — The Assistance and Access Act (2018) already gives the government the power to compel companies to build surveillance capabilities into their products. It has been used, but the details are secret.
- India — The IT Rules require messaging platforms to identify the "first originator" of messages, which is technically impossible with true end-to-end encryption.

Each jurisdiction uses slightly different legal mechanisms, but the goal is the same: make encryption optional, then make it impossible.

Protecting Your Data Without ADP

If you're a UK user — or anyone concerned that your government might follow the UK's lead — here are practical steps:

- Enable local encrypted backups via Finder (macOS) or iTunes (Windows). Your backup data stays on your computer, encrypted with a password you choose. Apple never sees it.
- Use Signal for messaging. Signal provides E2EE by default for all messages, calls, and file transfers. It is open source and has committed to leaving any market that mandates backdoors.
- Consider self-hosted alternatives for photo and file storage. Nextcloud, Syncthing, and similar tools let you keep your data on hardware you control.
- Use a hardware security key (YubiKey, etc.) for your Apple ID. This prevents unauthorized access even if your password is compromised.
- Audit your digital footprint using our privacy tools. Know what data you're storing where, and who holds the keys.

The UK government's demand to Apple was a watershed moment. For the first time, a major government successfully forced a tech company to remove an encryption feature rather than build a backdoor. The result was worse for everyone — including the UK's own citizens, who now have weaker data protection than they did before.

If we don't push back, this will become the new normal. One country at a time, one platform at a time, encryption will be dismantled — not by breaking it, but by making it illegal to offer.
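
The key-custody difference described under "What Advanced Data Protection Actually Does", as an added example that is not part of the original article and is not Apple's implementation. It is a simplified model: the Provider class, the function names and the sample note are hypothetical, and a standard-library HMAC-SHA256 construction stands in for a real cipher such as AES-GCM.

```python
import hashlib, hmac, secrets

def _derive(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # HMAC-SHA256 in counter mode as a keystream (stand-in for AES-GCM).
    stream = b"".join(hmac.new(key, nonce + c.to_bytes(4, "big"), hashlib.sha256).digest()
                      for c in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, plaintext):
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(_derive(key, b"enc"), nonce, plaintext)
    tag = hmac.new(_derive(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    want = hmac.new(_derive(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("wrong key or modified ciphertext")
    return _xor_stream(_derive(key, b"enc"), nonce, ct)

class Provider:
    """Cloud side (hypothetical): always stores ciphertext, holds a key only in standard mode."""
    def __init__(self):
        self.blobs, self.held_keys = {}, {}

    def store(self, user, blob, key=None):
        self.blobs[user] = blob
        if key is not None: self.held_keys[user] = key

    def answer_legal_order(self, user):
        key = self.held_keys.get(user)   # None when only the user's devices hold it
        plaintext = unseal(key, self.blobs[user]) if key else None
        return {"ciphertext": self.blobs[user], "plaintext": plaintext}

def device_upload(provider, user, data, adp_enabled):
    key = secrets.token_bytes(32)        # simplification: key is created on the device
    provider.store(user, seal(key, data), None if adp_enabled else key)
    return key                           # the trusted device keeps its copy either way

def demo():
    p, note = Provider(), b"constructed sample note"
    device_upload(p, "standard-user", note, adp_enabled=False)
    adp_key = device_upload(p, "adp-user", note, adp_enabled=True)
    orders = [p.answer_legal_order(u)["plaintext"] for u in ("standard-user", "adp-user")]
    return orders, unseal(adp_key, p.blobs["adp-user"])
```

In this model the provider can return plaintext for the standard user but only ciphertext for the ADP user, while the ADP user's own device still decrypts normally.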