Apple has taken the unprecedented step of withdrawing its highest-level data security tool, Advanced Data Protection (ADP), from UK customers following demands from the government for access to user data.
ADP provides end-to-end encryption, ensuring that only users can access their data, including photos and documents stored in iCloud. Not even Apple can decrypt this data. However, earlier this month, the UK government invoked its authority under the Investigatory Powers Act (IPA) to request access to this encrypted information.
Apple, which has long resisted building so-called “backdoors” into its encryption, warned that compromising security in one jurisdiction would set a dangerous precedent globally. Rather than complying, Apple decided to discontinue ADP in the UK, meaning UK users will no longer have access to fully encrypted iCloud backups.
As of 1500 GMT on Friday, UK Apple users attempting to activate ADP encountered error messages. Existing users will lose access at a later, unspecified date. Without ADP, data stored in iCloud will remain encrypted at a standard level, meaning Apple retains access and could provide it to law enforcement with a valid warrant.
The Home Office refused to confirm or deny the existence of the notice but issued a statement saying: “We do not comment on operational matters.”
Cybersecurity expert Professor Alan Woodward of Surrey University criticized the move, calling it “an act of self-harm” by the UK government. “All they have done is weaken online security and privacy for UK users,” he said, adding that it was naive to assume a US tech giant would comply without global repercussions.
Online privacy expert Caro Robson called Apple’s decision “unprecedented,” stating: “It sets a dangerous precedent if companies can simply withdraw security products rather than cooperate with governments.”
Bruce Daisley, a former senior executive at X (formerly Twitter), echoed these concerns, telling BBC Radio 4: “Apple saw this as a matter of principle. If they conceded to the UK, every government worldwide would demand the same.”
The UK government’s request has sparked global criticism, with privacy advocates condemning it as an “unprecedented attack” on individual data rights. Will Cathcart, head of WhatsApp, warned that “if the UK forces a global backdoor into Apple’s security, it will make everyone in every country less safe.”
US lawmakers have also voiced concerns. Senator Ron Wyden stated that Apple’s withdrawal of ADP from the UK “creates a dangerous precedent that authoritarian regimes may follow.” He further warned that the UK’s demands could endanger US national security and might warrant a reassessment of intelligence-sharing agreements between the two countries.
The debate over encryption often intersects with child safety concerns. The NSPCC urged Apple to balance security with child protection, arguing that encrypted services can hinder the detection of child sexual abuse material (CSAM). However, encryption expert Emily Taylor countered that encryption is essential for consumer privacy and should not be conflated with the dark web, where most CSAM is distributed.
This dispute highlights growing tensions between the US and foreign governments attempting to impose regulations on American tech companies. US Vice President JD Vance recently expressed concerns about “tightening the screws on US tech firms” and warned against foreign governments exerting excessive control over American technology.
Apple maintains that “enhancing cloud storage security with end-to-end encryption is more urgent than ever” and hopes to reinstate ADP in the UK in the future. However, as the UK government doubles down on surveillance laws, this battle between privacy and national security is far from over.
