Apple Withdraws Encrypted iCloud Storage from UK Following Government’s Demand for Backdoor Access

In a major move, Apple has discontinued its Advanced Data Protection (ADP) service for users in the United Kingdom. This decision follows a confidential order from the UK government, requiring the company to grant backdoor access to encrypted data stored on Apple iCloud Storage.

The ADP service, introduced by Apple in December 2022, was designed to offer end-to-end encryption for iCloud users, ensuring that only the account holder could access their data. This feature provided an additional layer of security for sensitive information, including photos, documents, and messages, by preventing unauthorized access, even from Apple itself.

However, under the UK’s Investigatory Powers Act of 2016, often referred to as the “Snooper’s Charter,” the government possesses the authority to issue Technical Capability Notices (TCNs). These notices can mandate companies to remove electronic protection applied to communications or data. In January 2025, the Home Office served such a notice to Apple, requiring the company to create a means for government agencies to access encrypted content stored on iCloud.

Apple, known for its staunch stance on user privacy and security, expressed profound disappointment over the government’s demand. The company has consistently maintained that creating backdoors for government access would compromise the security of all users, potentially exposing data to malicious actors. In a statement, Apple emphasized its commitment to user privacy, stating that it has never created backdoors for any of its products or services and has no intention of doing so.

As a result of the government’s order, Apple has decided to withdraw the ADP service from the UK market. Effective immediately, new users in the UK will no longer have the option to enable ADP for their iCloud accounts. Existing users who have already activated the service will be required to disable it manually to continue using iCloud services. Apple has indicated that it does not have the capability to deactivate the feature on behalf of users and will provide guidance to assist them through the process.

The removal of ADP means that data stored in iCloud by UK users will no longer benefit from end-to-end encryption. Consequently, Apple will have the ability to access this data and, if presented with a valid warrant, share it with law enforcement agencies. Despite this change, certain categories of data, such as iCloud Keychain passwords, Health app data, and communications via iMessage and FaceTime, will continue to be protected by end-to-end encryption and remain unaffected by the recent policy shift.

The UK’s demand has sparked a broader debate about the balance between national security and individual privacy rights. Proponents of the government’s position argue that access to encrypted data is essential for combating serious crimes, including terrorism and child exploitation. They contend that encryption can serve as a shield for criminals, making it difficult for law enforcement agencies to gather critical evidence.

Conversely, privacy advocates and cybersecurity experts warn that creating backdoors undermines the overall security of digital systems. They argue that once a vulnerability is introduced, it can be exploited by unauthorized parties, including hackers and foreign adversaries, thereby increasing the risk of data breaches and cyberattacks. The Electronic Frontier Foundation, a digital rights organization, has criticized the UK’s approach, stating that weakening encryption jeopardizes the safety and privacy of all users.

This incident is not isolated but part of a broader global discourse on encryption and government access. Other tech companies have faced similar pressures in different jurisdictions. For instance, messaging platforms like WhatsApp have previously clashed with governments over demands to access encrypted communications. These situations highlight the ongoing tension between upholding user privacy and addressing legitimate security concerns.

The Home Office has declined to comment on the specifics of the order issued to Apple, citing operational sensitivities. A spokesperson reiterated the government’s commitment to ensuring that law enforcement agencies have the necessary tools to protect the public while also upholding citizens’ rights and freedoms.

In the wake of Apple’s decision, users in the UK are advised to review their data security practices. While certain data types remain encrypted, the absence of ADP means that a broader range of information stored on iCloud is now accessible to Apple and, by extension, potentially to government agencies upon request. Users concerned about privacy may consider alternative methods of data storage and encryption to safeguard their information.

This development underscores the complex interplay between technology, privacy, and government authority in the digital age. As governments worldwide grapple with the challenges posed by encryption, the outcomes of such disputes will have far-reaching implications for user privacy, corporate policies, and the future of digital security.

The situation remains dynamic, and further discussions between technology companies, governments, and civil society are anticipated as stakeholders seek to navigate the intricate balance between security imperatives and the protection of individual privacy rights.