
ralphthemagi

I’m trying to find the answer to a very specific question. I’m hoping someone who has already turned on Advanced Data Protection, and has the appropriate hardware, can physically test this and confirm.

What happens when you try to log into the App Store (on iOS or macOS) on an older device (e.g. iOS 15, like an iPod Touch or macOS 10.12 Monterey, like a 2016 Intel MacBook Pro)—that could not be upgraded to an OS that supports Advanced Data Protection—after Advanced Data Protection has been turned on for an Apple ID/iCloud account?

I noticed that even when you merely log into the App Store—independently of signing into iCloud—it adds that device to your iCloud account. I don’t need/want to use iCloud on these old devices, but I would still like to use the App Store so I can download/update apps on older devices. As far as I can tell it seems like once you turn on Advanced Data Protection you can’t log into ANYTHING (e.g. App Store, iMessage, FaceTime, Apple Music, etc.) that uses that Apple ID on an unsupported OS anymore. Can someone confirm if this is true? What error does it give?
 
My understanding is you’re correct, though I haven’t tried it myself. There was another article that indicated if you, for example, buy a HomePod that isn’t updated to 16.2 - you’ll need to turn off ADP in order to update it.
 
Apple said:
To turn on Advanced Data Protection for iCloud, you need:

  • An Apple ID with two-factor authentication.
  • A passcode or password set for your device.
  • At least one account recovery contact or recovery key. If you don't already have one, you'll be guided to set one up when you turn on Advanced Data Protection.
  • Updated software on all of the devices where you're signed in with your Apple ID:
    • iPhone with iOS 16.2 or later
    • iPad with iPadOS 16.2 or later
    • Mac with macOS 13.1 or later
    • Apple Watch with watchOS 9.2 or later
    • Apple TV with tvOS 16.2 or later
    • HomePod with software version 16.0 or later
    • Windows computer with iCloud for Windows 14.1 or later
Managed Apple IDs and child accounts are not eligible for Advanced Data Protection.
Apple said:
If one of your devices prevents you from turning on Advanced Data Protection, you can choose to remove that device from your Apple ID device list and try again. While Advanced Data Protection is enabled for your account, you can sign in with your Apple ID only on devices that meet the software requirements listed above.
 
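As an added example (not part of any post in this thread and not Apple's code), this Python sketch checks a device inventory against the minimum versions in the Apple requirements quoted above and reports which devices would have to be updated or removed from the Apple ID before Advanced Data Protection can be turned on. The function names are hypothetical and the device list is constructed sample data.

```python
# Minimum versions copied from the Apple requirements quoted above.
ADP_MINIMUMS = {
    "iOS": (16, 2),
    "iPadOS": (16, 2),
    "macOS": (13, 1),
    "watchOS": (9, 2),
    "tvOS": (16, 2),
    "HomePod": (16, 0),
    "iCloud for Windows": (14, 1),
}


def parse_version(text):
    """Turn '16.1.2' into (16, 1, 2) so that 16.10 sorts above 16.2."""
    return tuple(int(part) for part in text.strip().split("."))


def adp_blockers(devices):
    """Return (name, reason) for every device that fails the quoted minimums.

    devices: iterable of (name, platform, version_string) tuples.
    A platform missing from the list is reported as a blocker, not skipped.
    """
    blockers = []
    for name, platform, version in devices:
        minimum = ADP_MINIMUMS.get(platform)
        if minimum is None:
            blockers.append((name, f"{platform} is not in the supported list"))
            continue
        try:
            have = parse_version(version)
        except ValueError:
            blockers.append((name, f"unreadable version {version!r}"))
            continue
        # Tuple comparison: (13,) < (13, 1), so a bare '13' counts as 13.0.
        if have < minimum:
            need = ".".join(map(str, minimum))
            blockers.append((name, f"{platform} {version} is below {need}"))
    return blockers


# Constructed sample inventory (not taken from the thread).
SAMPLE_DEVICES = [
    ("iPhone 14 Pro", "iOS", "16.3"),
    ("iPod touch", "iOS", "9.3.5"),
    ("Mac Pro 2013", "macOS", "12.6.3"),
    ("MacBook Air", "macOS", "13"),
    ("iPad", "iPadOS", "16.10"),
]
```
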
Has anyone actually tried this?

I want to enable ADP, but have an old 2013 Mac Pro which of course can’t get Ventura.

If I remove the Mac Pro from my iCloud, and then turn on ADP, what SPECIFICALLY happens when I try to log into App Store using my AppleID on my Mac Pro?
 
I talked to Apple support, and got my question escalated to their senior tech on iCloud... and...

If you have older devices lingering around, that cannot be upgraded, you will obviously need to sign out of the AppleID you want to enable ADP on, on those devices. Once you have enabled ADP on that AppleID, you cannot use it to log back into the older devices you cannot upgrade to latest version of macOS/iOS. If you try, it will turn off ADP.

One work-around is to create a new AppleID, and assign it as a family member in Family Sharing. That way your original account can share App Store, Subscriptions, etc. with the new AppleID logged into the old devices, whilst continuing to have ADP enabled.

The "master" account can share Photos and Calendar with the new AppleID, but Files and Keychain cannot be shared that way.
 
One work-around is to create a new AppleID, and assign it as a family member in Family Sharing. That way your original account can share App Store, Subscriptions, etc. with the new AppleID logged into the old devices, whilst continuing to have ADP enabled.
This is what I ended up doing. It’s a pretty good solution. Only hiccup is that you actually have to uninstall every App Store app and then reinstall them, since they are “bound” to the original Apple ID that installed them. Well you don’t have to, but they can’t be updated unless you do.
 
Only hiccup is that you actually have to uninstall every App Store app and then reinstall them, since they are “bound” to the original Apple ID that installed them. Well you don’t have to, but they can’t be updated unless you do.

That is not what I have experienced. I cloned my laptop onto my wife's new laptop, and she is logging into the App Store, and she is getting updates left, right and center. We are part of a "Family" though - I don't know if that is why...
 
That is not what I have experienced. I cloned my laptop onto my wife's new laptop, and she is logging into the App Store, and she is getting updates left, right and center. We are part of a "Family" though - I don't know if that is why...
You might have the old user still logged in for the App Store, or the app in question may not have been downloaded by her, but rather by the association with your account.

If you “Install” an app with Apple ID-A it is bound to ID-A. It requires ID-A’s password to update, even if Apple ID-B later joins an Apple One/iCloud+ Family and is given rights to ID-A's purchases. Despite it being obvious that ID-B has the correct permissions the app will not update without ID-A's password—even if it's a free app.

If Apple ID-B was already part of a Family then it's possible that Apple ID-B never actually installed the app through Apple ID-B, but rather they used the access rights to Apple ID-A purchases.

There are actually three permission states an App Store app can have:
1) Owned by Apple ID-A
2) Owned by Apple ID-B
3) Owned by Apple ID-A, but effectively "leased" to Apple ID-B via Family sharing

These are, effectively, three different apps at least as far as permissions go. So if you are logged in with ID-A, download a bunch of apps bound to ID-A, then create ID-B, log out of iCloud and the App Store with ID-A and log in with ID-B the apps downloaded and installed via ID-A will not be able to receive updates to the apps in place with ID-B's Apple ID. It will instead prompt you to enter ID-A's password (which you won't be able to do anymore if you've upgraded ID-A to ADP or Security Keys). You have to delete the ID-A version of the app and either install it via ID-B's own profile (#2 above) or via ID-A's sharing profile (#3 above).
 
Hmmm - next question: can you run ADP on an unsupported Mac where you have used OCLP to install Ventura? Anyone?
 
I have an iPod touch that can only run iOS 9.x. When I last used it, it was logged in to my iCloud account, and I signed out of it on a newer device to add Advanced Data Protection.

Today, I tried logging out of iCloud, and I could not log into the App Store with the same ID.

However, I was able to log in to my Apple ID using iMazing 2, which is commercial software for macOS and Windows, and then transfer apps by searching for apps you have previously claimed on the App Store or downloaded previously as an .ipsw (and attached to my Apple ID) to my iPod.

Edit: I had issues with the app I tried downloading from the App Store, but the apps from the .ipsw seemed to work. :rolleyes:
 
Hmmm - next question: can you run ADP on an unsupported Mac where you have used OCLP to install Ventura? Anyone?
Yes, you can. I have a 2012 Mini and 2012 13” MBP running Ventura 13.2 with OCLP, and ADP is turned on.
 
I somehow successfully added an iPhone 4s running iOS 6.1.3 to my iCloud after I enabled Advanced Data Protection on my iPhone 14 Pro running iOS 16.

I am still trying to find out if this stops the end-to-end encryption. So far:
- iMessages are syncing.
- notes are not syncing;
- reminders do not sync because iOS 13+ is needed
 
I somehow successfully added an iPhone 4s running iOS 6.1.3 to my iCloud after I enabled Advanced Data Protection on my iPhone 14 Pro running iOS 16.

I am still trying to find out if this stops the end-to-end encryption. So far:
- iMessages are syncing.
- notes are not syncing;
- reminders do not sync because iOS 13+ is needed
Did you eliminate your iPhone 4s first? Or wasn't it in your list?

What I noticed is that Apple is very slow to update your devices.
I updated my Apple TV to 16.3 and it doesn't disappear from the list of devices that need to be eliminated or updated in iCloud to use ADP.
 
Did you eliminate your iPhone 4s first? Or wasn't it in your list?

What I noticed is that Apple is very slow to update your devices.
I updated my Apple TV to 16.3 and it doesn't disappear from the list of devices that need to be eliminated or updated in iCloud to use ADP.

I added this iPhone 4s to my iCloud after I enabled advanced data protection. It was not there before I enabled it.
I guess iOS 6.1.3 just doesn't support prompt popups when logging into iCloud, so that's why it does allow me to sign in, but nothing protected by ADP was syncing.
 
I have two iPhones. An SE (OG) and a 13mini.

I signed out the SE from iCloud (using the 13). Then I used the SE to sign out.
Went back to the 13 and I cannot enable ADP.

It’s upsetting
 
I have an iPod touch that can only run iOS 9.x. When I last used it, it was logged in to my iCloud account, and I signed out of it on a newer device to add Advanced Data Protection.

Today, I tried logging out of iCloud, and I could not log into the App Store with the same ID.

However, I was able to log in to my Apple ID using iMazing 2, which is commercial software for macOS and Windows, and then transfer apps by searching for apps you have previously claimed on the App Store or downloaded previously as an .ipsw (and attached to my Apple ID) to my iPod.

Edit: I had issues with the app I tried downloading from the App Store, but the apps from the .ipsw seemed to work. :rolleyes:
Is that the iPod touch 5th gen perhaps?
 
Can anyone provide additional information on creating a separate AppleID for older devices just to be able to enable ADP on supported devices, and move the devices that don't support it to a separate ID, and linking the purchases via family sharing? Doesn't this require an email address, maybe even a phone number, to do so? Is it possible/reasonable to create a child id for this purpose, which would add some tethering that's not just family-sharing?
 