UK Government Orders Apple to Create an Encryption Backdoor — Again — This Time for British Residents

The British government initially requested a backdoor in January 2025, leading to Apple refusing and removing Advanced Data Protection (ADP) in February for new users in the U.K., and challenging the order in court. 

Facing mounting international pressure, the U.K. government seemed to change its mind in August, agreeing to drop the Apple encryption backdoor request — though experts warned that the power to undermine encryption remained in the U.K. law and that the order could be reissued. 

Now the British Home Office has issued its requests again, according to the Financial Times; however, this time it would be for British residents only. So far, the Home Office refuses to confirm or deny the existence of the order.

In response to the order, Apple issued a statement announcing it would still refuse the backdoor request and would remove ADP for new British users: “We are deeply disappointed that our customers in the UK will no longer have the option to enable Advanced Data Protection (ADP), especially given the continuing rise of data breaches and other threats to customer privacy.”

Here’s what this all means: Apple is removing ADP for U.K. users, but it remains available for the rest of the world. New U.K. Apple users and those who have not already enabled ADP won’t have the option anymore. 

For those who have enabled ADP, Apple says that it “will soon provide additional guidance” since Apple can’t disable ADP automatically, but British users will have a period of time to disable it to keep using their iCloud account.

Without ADP protection, British users will have Apple’s Standard Data Protection (SDP), which is the default setting for Apple users. SDP means that iCloud data is encrypted in transit and at rest, with the encryption keys secured in Apple data centers. Since Apple holds the keys, it can decrypt data on behalf of users — and technically have the ability to decrypt data for itself or other entities. 

On SDP, Apple holds the encryption keys for iCloud Mail, contacts, calendars, iCloud backup (including device and Messages backup), iCloud Drive, photos, notes, reminders, Safari bookmarks, Siri shortcuts, voice memos, Wallet passes, Freeform and Apple Invites.

However, on SDP 15 data categories are end-to-end encrypted and Apple does not have the decryption keys. This includes: passwords and keychain, health data, journal data, home data, Messages in iCloud, payment information, Apple card transactions, Maps, QuickType Keyboard vocabulary, Safari, screen time, Siri information, WiFi passwords, W1 and H1 Bluetooth keys and Memoji. 

Apple’s communication services, such as iMessage and FaceTime, will retain end-to-end encryption everywhere, including in the U.K.

Matthew Hodgson, the CEO of Element, a U.K.-based firm that creates encryption solutions, told TechRadar that the request weakens international security, not just British encryption. “This is not a question of balance between security and privacy. Weakening encryption by default makes everyone less secure. It is impossible to create a ‘safe’ backdoor in an encrypted system. History has shown us that a backdoor for the government is a backdoor for criminals to exploit.”

We will continue to report on this topic as it develops.