Apple implements transit encryption for iCloud email to prevent snooping
Apple appears to have completed an initiative designed to increase the security of its iCloud email service by adding end-to-end encryption for messages sent from me.com and icloud.com, according to new data from Google's Gmail.
A report from Gmail's security transparency project suggests that at least 95 percent of the messages sent to Gmail from users of iCloud mail is now encrypted, just one month after Apple initially promised that such a change would be forthcoming. The data is current as of July 10, and it is unclear how it may have shifted in the interim.
Apple is using industry-standard Transport Layer Security, or TLS, infrastructure for the encryption. With TLS, both sending and receiving servers as well as the email messages themselves can be verified for authenticity, nearly eliminating the possibility of email being unknowingly intercepted by a third party.
Unfortunately, due to the nature of the public-key cryptography that underpins TLS, both parties must support the feature in order for messages to remain unreadable. Messages sent from iCloud to private mailservers without TLS support, for instance, will still be delivered unencrypted.
The move is the latest in a series of technical alterations and public statements from Apple designed to restore public confidence in the wake of allegations from NSA whistleblower Edward Snowden that the company had cooperated with the U.S. government. Most recently, Apple beat back accusations from Chinese state media that iOS's location tracking functionality could be mined by foreign governments to reveal sensitive information or "even state secrets."
"Apple is deeply committed to protecting the privacy of all our customers," the company said in response. "Privacy is built into our products and services from the earliest stages of design. We work tirelessly to deliver the most secure hardware and software in the world."