Thoughts on Contacts, Calendar, Mail non-encryption in iOS 16.2

[hyperbolic]

Apple’s increased end-to-end encryption in iOS 16.2 is a great thing, and long overdue. It’s a real shame they are not going all the way and still leaving Contacts, Calendars, and Mail out of the E2E encryption. The “interoperability” reasoning they give for this is completely bogus.

Calendars are most puzzling — if you choose to share a calendar event that does NOT require Apple to have access to your entire Calendar! And if you choose to use Apple shared calendars with other people, if everyone else has E2E enabled on their phone, then it should be no different than Shared Photo Library E2E encryption.

The reasoning for Mail is a little more reasonable — if you want Apple to filter out Junk mail or push new-email notifications to your phone, they may indeed need access to your mail database. On the other hand, there’s no reason why they should not allow the user to opt out of junk mail filtering & real-time email push notifications in order to allow that person’s Mail to be fully E2E encrypted if the user wishes. In fact, Apple should go all the way with the Mail.app and seamlessly integrate PGP encryption in iCloud-to-iCloud email. In fact, the entire email industry should standardize on PGP and all encryption keys should be seamlessly managed in all email client apps so that email is finally secure worldwide. It’s been 50 years, you’d think they’d have done this already.

The “biggie” is Contacts. I can’t think of a SINGLE reason why Apple servers would need access to a person’s entire contacts database. Any functionality that requires that should be implemented on the users device only, with nothing being sent to Apple. But worse yet, Apple is claiming it needs your contacts for “backend” things. WHAT things? I have my Contacts turned off in iCloud and my iPhone works just fine.

If you ask me, I think Apple caved to the USG here. The government probably threatened Apple and said something like, if you move forward with full E2E encryption, you ought not even so much as consider adding Calendars, Contacts, and Mail to the encrypted set.

But… as an end user that fine by me, because beginning in iOS 16.2, I’m ditching Apple Mail, Calendar, and Contacts for an E2E secure service, for example ProtonMail (and there are 4-5 others that are equally secure and max-privacy oriented).

 

[russell_314]

Part of me gets excited when I see improvements to privacy and then another part thinks yeah this is just another scam to sell more products. It feels like no matter what you do your data is going to be accessible by someone whether you want it or not. Even if you turn off iCloud completely there's nothing saying your data can't be remotely accessed.

I find some of the privacy focused solutions like proton mail and certain VPNs interesting but I wonder if they're just honeypots.

I think it's what type of privacy you're looking for that matters. If you're looking at privacy from Google or other advertisers then Apple provides that. If you're looking for privacy from some government because you live in a terrible place then I don't think Apple is where it's at.

 

[Morac]

Apple explains why they can’t e2e encrypt email, Calendar and Contacts in the support document.

1. iCloud Mail: iCloud Mail does not use end-to-end encryption because of the need to interoperate with the global email system. All native Apple email clients support optional S/MIME for message encryption.
2. Contacts and Calendars: Contacts and calendars are built on industry standards (CalDAV and CardDAV) that do not provide built-in support for end-to-end encryption.

Mail is the easiest to understand as if your email was e2e encrypted, it couldn’t actually be sent or received since only your devices would be able to encrypt and decrypt it. Received mail arriving on Apple’s servers would be unencrypted anyway.

Unless Apple implements their own Contact and Calendar syncing protocol like they did for Notes, that can’t be e2e encrypted either. That is something Apple could do, but then it would limit iCloud Contacts and Calendars to only work with Apple devices and software.

 

[Vlad Soare]

Mail is the easiest to understand as if your email was e2e encrypted, it couldn’t actually be sent or received since only your devices would be able to encrypt and decrypt it. Received mail arriving on Apple’s servers would be unencrypted anyway.

So, send it and receive it unencrypted, but store it encrypted on your device and in the cloud. Wouldn't this work?
If someone happens to sniff your traffic just as you're sending or receiving it to/from the internet, that's fair game, but at least it would be protected against future attempts at hacking your phone or iCloud account.

 

[Morac]

So, send it and receive it unencrypted, but store it encrypted on your device and in the cloud. Wouldn't this work?

Could Apple do this? Yes, if they wanted iCloud Mail to only work with Apple Mail rather than use IMAP, but it makes little sense to do so.

If you are going to send and receive an non-E2E encrypted copy of every E2E encrypted mail message, then what’s the point of even using E2E encryption?

That’s like putting a piece of paper in a safe and then leaving a photocopy of it on your kitchen counter.

For what it’s worth, mail is encrypted on Apple’s servers, it’s just they have the encryption key which is about the best you are going to get unless you encrypt mail yourself using the industry standard S/MIME.

 

[Vlad Soare]

Could Apple do this? Yes, if they wanted iCloud Mail to only work with Apple Mail rather than use IMAP, but it makes little sense to do so.

Yes, that's what I was thinking of. You could be allowed to choose whether you want to use IMAP (with all its inherent privacy risks) or E2E encryption (in which case you'd be limited to reading and writing e-mails on an Apple device, using only Apple software). People who are already using Apple devices and Apple Mail exclusively would not mind giving up IMAP.
But I'm not sure how hard it would be for Apple to make it optional. If it must be either IMAP for all or E2E for all, then you're right, it wouldn't make much sense.

 

[MegaBlue]

The answer to your question was already provided by Apple: those services still need to maintain compatibility with systems already in place, and E2E for those services impacts that in a significant enough way.

Yes, that's what I was thinking of. You could be allowed to choose whether you want to use IMAP (with all its inherent privacy risks) or E2E encryption (in which case you'd be limited to reading and writing e-mails on an Apple device, using only Apple software). People who are already using Apple devices and Apple Mail exclusively would not mind giving up IMAP.
But I'm not sure how hard it would be for Apple to make it optional. If it must be either IMAP for all or E2E for all, then you're right, it wouldn't make much sense.

Unless you exclusively email other iCloud.com emails that have end to end encryption enabled, this solution does nothing. Any of your sent and received emails would be encrypted on your server, sure, but your sender/recipient has just nullified the major benefit of encrypted communication. At that point, makes more sense to just download your email messages and keep them encrypted locally.

 

[hyperbolic]

Apple explains why they can’t e2e encrypt email, Calendar and Contacts in the support document.



Mail is the easiest to understand as if your email was e2e encrypted, it couldn’t actually be sent or received since only your devices would be able to encrypt and decrypt it. Received mail arriving on Apple’s servers would be unencrypted anyway.

Unless Apple implements their own Contact and Calendar syncing protocol like they did for Notes, that can’t be e2e encrypted either. That is something Apple could do, but then it would limit iCloud Contacts and Calendars to only work with Apple devices and software.

I understand your point about Mail, but Apple should not be allowed to hold the encryption key for people who choose to turn on E2E encryption. Here, I’m speaking of the encryption key that encrypts a person’s mailboxes on Apple’s servers. Email services like ProtonMail got this to work, even when you send/receive email to/from a non-ProtonMail user, so why cant Apple figure it out?

Second, in terms of Contacts & Calendars, Apple’s stipulations only apply if the user wants to participate in LDAP or some type of enterprise Calendaring system. As a private end-user who doesn’t use those interoperability features & systems, there’s NO need for Apple to have access to my Contacts & Calendars saved in iCloud if I elect to turn on E2E encryption in iCloud. ESPECIALLY my Contacts. Period. And I don’t think there’s an iCloud user in the world who elects to turn on E2E that would disagree with me.

 

[hyperbolic]

The answer to your question was already provided by Apple: those services still need to maintain compatibility with systems already in place, and E2E for those services impacts that in a significant enough way.



Unless you exclusively email other iCloud.com emails that have end to end encryption enabled, this solution does nothing. Any of your sent and received emails would be encrypted on your server, sure, but your sender/recipient has just nullified the major benefit of encrypted communication. At that point, makes more sense to just download your email messages and keep them encrypted locally.

Does Apple allow POP3 for iCloud mail instead of IMAP? In that case, I suppose you have a point…. But would my nightly iCloud backup include the mailboxes I have stored locally, and backup in an incremental fashion so the entire 15GB doesn’t need to re-upload upon every backup? If so, I might try that route.

 

[WarmWinterHat]

Does Apple allow POP3 for iCloud mail instead of IMAP? In that case, I suppose you have a point…. But would my nightly iCloud backup include the mailboxes I have stored locally, and backup in an incremental fashion so the entire 15GB doesn’t need to re-upload upon every backup? If so, I might try that route.

iCloud mail is IMAP only; no POP3