Share to
Facebook Share to
Twitter Share to Linkedin The security of
iPhone photos is suddenly headline news—and so here’s one change you can make to fully secure all the memories on your device and in the cloud… How to keep your iPhone photos fully locked down When EU Competition Commissioner Margrethe Vestager hinted that
Apple might be forced to give users the option to delete its Photos app, she inadvertently focused attention on the security of iPhone’s walled garden: “Apple failed to make several apps un-installable (one of them would be Photos) and prevents end-users from changing their default status (for example cloud), as required by the DMA.” Vestager’s remarks were reported courtesy of John Gruber’s Daring Fireball “Vestager makes clear in her remarks what wasn’t clear in the EC’s announcement of the investigation,” Gruber says, “they have a problem with Photos. If they follow through with a demand that Photos be completely un-installable (not just hidable from the Home Screen, as it is now), this would constitute another way that the EC is standing in as the designer of how operating systems should work.” Rather like location data or access to the phone dialer or microphone or camera, the photos on an iPhone are seen as intrinsically private. Apple has introduced security measure after security measure to make this more so, from masking EXIF location data to selective image sharing. This isn’t akin to changing a browser or app store. There’s Some Good News For ‘3 Body Problem’ Season 2
Ukraine s Drainpipe Drones Open A New Era Of Long Range Strikes iPad 2024 Apple Just Accidentally Revealed An All New Product It Seems Gruber again: “Photos is not just an app on iOS; it’s the system-level interface to the camera roll... integrated throughout the entire iOS system, with per-app permission prompts to grant differing levels of access to your photos.” To offer that iPhone real estate to an alternative supplier is fraught risk. “I honestly don’t even know how such a demand could be squared with system-wide permissions for photo access.” Photo privacy has proven a critical theme across iPhone users. Back in 2021, Apple toyed with the idea of device-side scanning of user photos to identify and flag child
Sexual Abuse material (CSAM) against a database of known images. Such was the backlash to photo analysis that Apple backed down from the idea completely. So, how secure are the photos on your iPhone? As with most of the core data captured on your iPhone, the Photos ecosystem is intrinsically linked to iCloud. This enables you to share images across all your trusted devices, create shared albums, even reduce the size of images on your device with the originals safely stored in the cloud. It’s all seamless. Apple has always relied on device AI to categorize and analyze photos, rather than running this cloud-side. It was this differentiation to Android’s
Google Cloud approach that was a key part of the 2021 backlash. What happens on your iPhone needs to stay on your iPhone, even when that includes its iCloud backend. Encryption-wise, though, it has not been watertight. Secured on your iPhone by its device security, then encrypted in transit to iCloud and at rest when stored on iCloud, but—and it’s a big but—with Apple holding the decryption key. So not entirely private and not entirely secure. But all that changed early last year with the launch of iCloud’s Advanced Data Protection (ADP). This was the most significant enhancement to phone data security in years—for the first time full end-to-end encryption was extended to cover photos stored cloud-side, as well as notes, voice memos, device backups, even iCloud Drive. Apple no longer had access, assuring that ADP “protects the vast majority of your iCloud data, even in the case of a data breach in the cloud.” Ironically, the US Department of Justice’s lawsuit against Apple focuses on the alleged compromise of user security for commercial reasons with iMessage. These latest EU comments would do the opposite, pushing Apple to make users less secure for commercial reasons, introducing competition when it’s difficult to see why it’s needed and where it’s certainly not worth the risk. The comments certainly seem to betray a poor understanding of the way iOS works and why it benefits users. Apple has pushed back hard at the rest of Europe’s Digital Markets Act (DMA) changes, particularly the opening to third-party app stores. “The DMA,” it warns , “requires changes to [its] system that bring greater risks to users and developers. This includes new avenues for malware, fraud and scams, illicit and harmful content, and other privacy and security threats. These changes also compromise Apple’s ability to detect, prevent, and take action against malicious apps on iOS and to support users impacted by issues with apps downloaded outside of the App Store.” Few analysts expect Photos to be detached from iOS—it would be a nightmare for Apple and difficult to see working in practice or providing any material benefits. It seems to be change for change’s sake. But it’s a good prompt to consider the privacy and security of your data and the choices you have made. And ADP is one such choice you can make. It does come with some compromises—primarily that if you lose access to your trusted devices and your backup code, Apple cannot restore any of your data. End-to-end encryption is exactly that, and you run the same risk with any such fully secure messaging or other platform. I have been using ADP for a year and it’s exceptional. It works seamlessly across all devices, providing a new level of security assurance. The only risk is then one of endpoint compromise, which can be largely mitigated by maintaining firmware updates and taking a sensible approach to apps, links, installs and attachments. ADP isn’t for everyone—but if you have chosen to read this article and you pay attention to the level of security on your device, even if that’s protecting relatively theoretical risks such as the
FBI demanding Apple turn over your data, then it’s probably for you. And it’s been long enough in the wild to be well proven. Photos can’t be replaced or restored. I take the view that if there’s additional security and it’s freely available and easy to use, then the decision is a simple one. You can enable ADP from the iCloud settings on your iPhone. All your trusted devices need to have up-to-date firmware. When you turn it on, you will be given a recovery code you can screenshot, print and save somewhere physically secure; you can also nominate a trusted friend or family member who can help you recover your account. And so to the EU. More than app stores and browsers, those latest comments on the core Apple ecosystem go to the heart of why users choose iPhones in the first place. Security, privacy, assurance. Dismantle much of that walled garden and those fall away. Apple then really does start to feel just like
Android. And if that happens, isn’t user choose diminished rather than strengthened... Editorial Standards Print Reprints & Permissions