Apple has removed security features from iPhones in the UK, in response to demands from the government to be given access to user data.
The tech giant is removing its Advanced Data Protection (ADP) system, which encrypts user files uploaded to the cloud.
It comes after reports that the British government issued Apple with a order under the Investigatory Powers Act 2016 to provide “back door” access to its devices, which would allow intelligence agencies to spy on users.
Neither Apple nor the Home Office has confirmed whether or not the order exists.
Apple said only that it was “gravely disappointed” that it would no longer be able to offer ADP in the UK.
“Apple remains committed to offering our users the highest level of security for their personal data, and are hopeful that we will be able to do so in the future in the United Kingdom,” it said in a statement. “As we have said many times before, we have never built a backdoor or master key to any of our products or services and we never will.”
Apple’s ADP feature lets users encrypt their personal data when it is stored online on the company’s servers. It means that when files such as photos or messages are backed up, not even Apple is able to see them, despite hosting them.
Like all of Apple’s encryption tools, that feature has led to criticism from intelligence agencies and others, who argue that it stops them from accessing the data of those engaged in criminal activity.
But experts have warned that the original order, and now Apple’s decision to withdraw the feature, will put users in danger.
Dray Agha, senior manager of security operations at cybersecurity firm Huntress, said: “Apple’s decision to pull Advanced Data Protection in the UK is a direct response to increasing government demands for access to encrypted user data.
“Weakening encryption not only makes UK users more vulnerable to cyber threats but also sets a dangerous precedent for global privacy. Governments argue this helps law enforcement, but history shows that any backdoor created for one party can eventually be exploited by bad actors.
“The broader concern is that this move could pressure other companies to weaken their security, putting personal data worldwide at greater risk.”
Privacy campaigners said that the effects of the decision would echo more broadly.
“This decision by Apple is the regrettable consequence of the Home Office’s outrageous order attempting to force Apple to breach encryption. As a result, from today Apple’s UK customers are less safe and secure than they were yesterday – and this will quickly prove to have much wider implications for internet users in the UK,” said Rebecca Vincent of privacy and civil liberties campaign group Big Brother Watch.
“No matter how this is framed, there is simply no such thing as a ‘back door’ that can be limited only to criminals or that can be kept safe from hackers or foreign adversaries. Once encryption is broken for anyone, it’s broken for everyone, and as we have cautioned, this will not stop with Apple.
“We once again call on the Home Office to immediately rescind this draconian order, and cease attempts to break encryption, before the privacy rights of millions are eroded and the UK further ostracises itself from other democracies around the world.”
