UK Directs Apple to Weaken iCloud Security With Backdoor

Apple has been instructed by UK authorities to create a backdoor in its iCloud encryption, as reported by the Washington Post. The directive, issued under the Investigatory Powers Act, would grant the government access to encrypted user data, affecting iCloud users not just in the UK, but globally.
This order reportedly targets Apple's Advanced Data Protection (ADP), an enhanced encryption feature launched in 2022. ADP extends end-to-end encryption to iCloud backups and files, preventing Apple from accessing users’ stored data. Under standard settings, iCloud encrypts data with keys stored on Apple’s servers, so Apple is able to decrypt it. With ADP, files are secured using encryption keys stored solely on user devices, leaving Apple unable to access them.
The UK’s demand is backed by the 2016 Investigatory Powers Act, which allows law enforcement to compel companies to aid in investigations through technical capability notices. These notices are confidential by law. Apple is believed to have received one from the UK Home Office last month, requiring modifications to ADP to allow government access.
Cybersecurity specialists caution that embedding a backdoor would compromise security, making user data more vulnerable to cyber threats. If implemented, Apple would be legally prevented from informing customers about the change.
The company has the right to appeal the order before a confidential panel, which assesses factors such as cost and necessity. Additionally, a judge would determine whether the order is justified. Despite the appeal process, compliance is mandatory while the case is reviewed.
Rather than weaken encryption, Apple may opt to disable ADP in the UK. Last year, the company suggested this possibility in a parliamentary submission regarding amendments to the Investigatory Powers Act. Removing ADP in the UK would protect encryption in other regions while avoiding compliance with the country’s mandate to alter its security.
This move could influence encryption policies for other tech firms. Google introduced end-to-end encrypted backups for Android in 2018 but has not disclosed whether it received similar government requests. Meta, which secures WhatsApp with end-to-end encryption, has publicly committed to resisting backdoors.
Earlier this year, Apple faced additional security issues. Cybercriminals were using deceptive techniques to circumvent iMessage’s phishing protection, luring users into manually enabling disabled links in scam messages.