Users who have already enabled Advanced Data Protection will have a more complicated device setup process than normal this holiday season, especially for new HomePod and Apple Watch owners. Here's why.
End-to-end encryption across iCloud backups, photos, Messages in iCloud, and several more data categories is the obvious benefit of Advanced Data Protection. That added privacy and security will drive tech-savvy users to enable the feature as soon as possible, but it comes with some inconveniences.
Apple says that a device must be running the latest operating system update before it can be signed into an Apple ID that has Advanced Data Protection enabled. Otherwise, an older OS could mishandle the new service keys the feature generates.
Apple's support document describes the issue as follows:
Devices where the user is signed in with their Apple ID must be updated to iOS 16.2, iPadOS 16.2, macOS 13.1, tvOS 16.2, watchOS 9.2, and the latest version of iCloud for Windows. This requirement prevents a previous version of iOS, iPadOS, macOS, tvOS, or watchOS from mishandling the newly-created service keys by re-uploading them to the available-after-authentication HSMs in a misguided attempt to repair the account state.
That means any new iPhone, iPad, Mac, Apple TV, Apple Watch, or HomePod must be up to date before being added to an Apple ID. That is not a direct problem for products that can be updated without an Apple ID, but it does complicate setup.
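The minimum-version rule above is easy to get wrong by hand, especially with mixed fleets where some devices can be updated before signing in and others (Apple Watch, HomePod) cannot. The following is an added example, written for this article rather than taken from Apple, that checks a constructed device inventory against the minimums quoted from Apple's document and reports what each device needs before the account can use Advanced Data Protection. The platform strings, the sample devices, and the status labels are assumptions of the example; HomePod software and iCloud for Windows are reported as unverifiable because the quoted document gives no fixed version number for them.

```python
"""Readiness check for enabling Advanced Data Protection on an Apple ID.

Added example for this article (not Apple's code). It compares each device's
OS version against the minimums quoted from Apple's support document and
tells the user which of the article's workarounds applies.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Minimum versions quoted from Apple's support document (HT212520).
# iCloud for Windows is "the latest version" with no fixed number, and the
# quoted text gives no number for HomePod software, so neither is listed.
MIN_VERSIONS = {
    "iOS": (16, 2),
    "iPadOS": (16, 2),
    "macOS": (13, 1),
    "tvOS": (16, 2),
    "watchOS": (9, 2),
}

# Platforms the article says can be set up and updated with no Apple ID
# attached ("Sign into an Apple ID later"). Anything else needs the account
# before it can even be configured.
UPDATES_WITHOUT_APPLE_ID = {"iOS", "iPadOS", "macOS", "tvOS"}


def parse_version(text: str) -> Tuple[int, ...]:
    """'16.2.1' -> (16, 2, 1). A trailing build like '13.1 (22C65)' is dropped.

    Comparing tuples rather than strings matters: '16.10' sorts before '16.2'
    as a string but is the newer release.
    """
    core = text.strip().split()[0].split("(")[0]
    return tuple(int(part) for part in core.split("."))


def meets_minimum(platform: str, version: str) -> Optional[bool]:
    """True/False when a minimum is known for the platform, None otherwise."""
    minimum = MIN_VERSIONS.get(platform)
    if minimum is None:
        return None
    return parse_version(version) >= minimum


@dataclass
class Device:
    name: str
    platform: str
    version: str


@dataclass
class Finding:
    device: Device
    status: str  # "ok", "update-first", "disable-adp-first", "unverified"


def adp_readiness(devices: List[Device]) -> List[Finding]:
    """Map every device to the action the article prescribes for it."""
    findings = []
    for device in devices:
        ok = meets_minimum(device.platform, device.version)
        if ok is None:
            status = "unverified"            # no quoted minimum; check manually
        elif ok:
            status = "ok"
        elif device.platform in UPDATES_WITHOUT_APPLE_ID:
            status = "update-first"          # skip sign-in, update in Settings
        else:
            status = "disable-adp-first"     # Watch/HomePod: needs the account
        findings.append(Finding(device, status))
    return findings


def can_enable_adp(findings: List[Finding]) -> bool:
    """ADP is only safe to turn on when every device on the account is current."""
    return all(f.status == "ok" for f in findings)


# Constructed sample inventory (assumed, not real account data).
SAMPLE_INVENTORY = [
    Device("Work iPhone", "iOS", "16.2.1"),
    Device("Old iPad", "iPadOS", "15.7"),
    Device("MacBook", "macOS", "13.1 (22C65)"),
    Device("New Apple Watch", "watchOS", "9.1"),
    Device("Kitchen HomePod", "HomePod Software", "16.1"),
    Device("Office PC", "iCloud for Windows", "14.1"),
]

if __name__ == "__main__":
    results = adp_readiness(SAMPLE_INVENTORY)
    for finding in results:
        d = finding.device
        print(f"{d.name:18} {d.platform:18} {d.version:14} {finding.status}")
    print("safe to enable ADP:", can_enable_adp(results))
```

Run it on an export of the devices listed under the Apple ID, and treat any "unverified" entry as a manual check rather than a pass: an older HomePod or an out-of-date iCloud for Windows client is exactly the kind of device the quoted requirement is meant to keep off the account.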
Setting up new products while using Advanced Data Protection
An iPhone, iPad, Mac, and Apple TV can be set up without an Apple ID attached. So, users with Advanced Data Protection enabled can turn on the new product, select an option that says something like "Sign into an Apple ID later," and then get the device up to date in Settings.
Products that can't be interacted with unless they are attached to an Apple ID create a different problem. The Apple Watch and HomePod both need to be attached to an account before they can be configured and updated, so users must handle setup a different way.
The simplest option is to turn off Advanced Data Protection, set up the new device, get it updated, then turn Advanced Data Protection back on. This method also works for new iPhones, iPads, and similar products if the user wants to avoid the "sign in later" procedure described above.
Another option would be setting up the products on an Apple ID that doesn't have Advanced Data Protection enabled. Perhaps that would mean setting up a "dummy" account just for this purpose or using a spouse's account to get the product set up. However, that may be complicated as a HomePod can only be set up by the Apple Home Organizer, so keep that in mind.
We recommend turning off Advanced Data Protection for the brief time it takes to set up new products. However, turning off the feature then adding a new product introduces another small complication.
To prevent an attacker who has compromised an account from enabling Advanced Data Protection from a newly added device, Apple limits the feature: a device cannot turn on Advanced Data Protection for roughly a month after being added to the account. The restriction applies only to the new device; any device already on the account can still turn the feature on.
For example, a user with a new iPad would turn off Advanced Data Protection on their iPhone, set up the new iPad, update the new iPad, then turn on Advanced Data Protection from their iPhone. If they attempt to enable the feature from the iPad, they would be stopped by an alert.
This setup complexity will only be a temporary issue. Eventually, every product sold new will ship with iOS 16.2, macOS Ventura 13.1, or later already installed, at which point new devices can be set up with Advanced Data Protection already enabled.
16 Comments
Yeah, I'm thinking this is not worth the trouble.
I expect a flood of problems from new iPhone users next month. IMO they should be strongly advised not to use Advanced Data Protection. Even for the rest of us I believe overall it will be more of a problem with little to no real benefit if we engage it. An exception would be journalists, activists, high-profile individuals (public figures) and certain business people. For us more common folk it would be creating a headache. But a number of us will do it anyway.
Your phone, your choice.
Thank you for this heads up article it will make my “tech life” a lot simpler this week.
I have not turned ADP on because I have a mix of devices, some with older versions of iOS, macOS, and iPadOS. I’m not sure how ADP handles backward compatibility so I’m not going to do anything that’ll cripple my older devices.
Ok ... looked it up on Apple Support: https://support.apple.com/en-us/HT212520
That makes it easy. Unless all of your Apple devices that use the same Apple ID for iCloud are compatible with ADP, you can't use it. Anywhere. It also kills web access to iCloud data. Of course this makes sense from a security perspective, but it excludes a heck of a lot of existing Apple customers from being able to use ADP at all. I guess I'll check back in a few years after all of my older and unsupported devices buy the farm and go on to the big recycling center in the sky.
I have ADP turned off cause I have several devices that are older.