Apple on Friday said it is working to implement an in-transit encryption solution for its email domains, offering additional protection for iCloud customers sending and receiving messages from people using other providers like Gmail.
Word of Apple's initiative came in a statement provided to NPR after the broadcaster ran a report on its blog looking into the steps big tech firms take to protect users' data privacy.
The story was based on an Electronic Frontier Foundation survey that asked companies like Apple, AT&T, Facebook, Google, Twitter and more about the encryption policies implemented in their products. Specifically, the EFF asked if the firms follow a recommended five-step plan the organization believes keeps consumer data safe.
Specifically, the group looks wants companies to use HTTPS, HSTS , forward secrecy, STARTTLS, and encryption of email while in transit.
While Apple's iMessage inherently supports end-to-end encryption, the company's other text-based communication methods are less secure. Users of Apple's iCloud email service enjoy protections similar to iMessage as long as the conversation is with another iCloud address, but there is currently no encryption method being used for emails in transit between other providers like Google.
As the publication noted in its follow-up, however, Apple is working on the issue and will soon have a solution ready to go.
After we published, the company told us this would soon change. This affects users of me.com and mac.com email addresses.
At issue is the STARTTLS extension, which allows for the encryption of text connections between providers. The caveat in using STARTTLS is that both sending and receiving email services must be using it in order to work.
Apple did not offer a timeline on when it plans to roll out end-to-end email encryption outside of iCloud, though Google has started offering specifics on who does and does not support in-transit encryption. As seen above, Google's Safer Email transparency report shows iCloud accounts are also unencrypted, though Apple has not commented on plans to upgrade emails coming and going from those domains as well.