When you turn on Advanced Data Protection, third-party app data stored in iCloud Backup and CloudKit encrypted fields and assets are end-to-end encrypted.
If our beloved developers could make it so that our data is end-to-end encrypted when we switch on Advanced Data Protection, it would be wonderful! And it seems like it would not be too much work (design the data as encrypted, I guess?).
I have not installed iOS 16.2 yet but my understanding is the new Advanced Data Protection is not open to third-party developers. If this will be at some point made available to devs (or even better, it just works) we’ll be glad to integrate it.
Mind, CloudKit already provides non-e2e encryption as some services in ADP but we do provide our own.
Thanks for your answer! CloudKit is concerned as well by the blanket E2EE, is my understanding. In the same way that your files are encrypted but still available to your apps locally. I might be very mistaken on that front, but if not, it would be great if Bear could be made compatible.
It seems that developers must take some kind of step so it falls under ADP.
“Advanced Data Protection also automatically protects CloudKit fields that third-party developers choose to mark as encrypted, and all CloudKit assets.”
And: “iCloud stores some data without the protection of user-specific CloudKit service keys, even when Advanced Data Protection is turned on. CloudKit Record fields must be explicitly declared as “encrypted” in the container’s schema to be protected, and reading and writing encrypted fields requires the use of dedicated APIs.”
Yes, as you can see on the API page you linked, encryptedValues is available only on macOS 12+ and iOS 15+. This is a huge problem for us because B2 actually supports macOS 10.15+ and iOS 14+ so we can’t support this API without dropping a considerable portion of users currently using B1.
Usually, we can check inside the code the OS version the user is running and eventually enable a version-specific API but this is different because we are not aware of the other user devices and which OS they are running. Otherwise, we can find ourselves in situations where some user devices can’t sync.