Advanced Data Protection will complicate new device setup this Christmas

Advanced Data Protection launched with iOS 16.2

End-to-end encryption across iCloud backups, photos, iMessage , and several more categories is an obvious benefit of Advanced Data Protection. This increased level of privacy and security will drive tech-savvy users to enable the feature ASAP, but it does come with some inconveniences.

Apple says that products must be running the latest operating system updates in order to be signed into an Apple ID with Advanced Data Protection. Otherwise, these products could potentially mishandle the new service keys generated by the feature.

Apple's support document specifies the issue below.

Devices where the user is signed in with their Apple ID must be updated to iOS 16.2, iPadOS 16.2, macOS 13.1, tvOS 16.2, watchOS 9.2, and the latest version of iCloud for Windows. This requirement prevents a previous version of iOS, iPadOS, macOS, tvOS, or watchOS from mishandling the newly-created service keys by re-uploading them to the available-after-authentication HSMs in a misguided attempt to repair the account state.

That means any new iPhone, iPad, Mac , Apple TV, Apple Watch, or HomePod must be up to date before being added to an Apple ID. That's not a direct issue for products that can be updated without an Apple ID, but it will create some complications for setup.

Setting up new products while using Advanced Data Protection

An iPhone, iPad, Mac, and Apple TV can be set up without an Apple ID attached. So, users with Advanced Data Protection enabled can turn on the new product, select an option that says something like "Sign into an Apple ID later," and then get the device up to date in Settings.

Products that can't be interacted with unless they are attached to an Apple ID create a different problem. The Apple Watch and HomePod both need to be attached to an account before they can be configured and updated, so users must handle setup a different way.

The most simple option is to turn off Advanced Data Protection, set up the new device, get it updated, then turn Advanced Data Protection back on. This method can be used for setting up new iPhones, iPads, etc. as well if the user wants to avoid the awkward setup procedure mentioned earlier.

Another option would be setting up the products on an Apple ID that doesn't have Advanced Data Protection enabled. Perhaps that would mean setting up a "dummy" account just for this purpose or using a spouse's account to get the product set up. However, that may be complicated as a HomePod can only be set up by the Apple Home Organizer, so keep that in mind.

We recommend turning off Advanced Data Protection for the brief time it takes to set up new products. However, turning off the feature then adding a new product introduces another small complication.

To prevent a malicious actor from enabling Advanced Data Protection after hacking a user's account from a new device, Apple has applied a limit to the feature. New products won't be able to turn on Advanced Data Protection for a month or so after being added. However, that doesn't prevent other devices from turning it on.

For example, a user with a new iPad would turn off Advanced Data Protection on their iPhone, set up the new iPad, update the new iPad, then turn on Advanced Data Protection from their iPhone. If they attempt to enable the feature from the iPad, they would be stopped by an alert.

This complexity of setting up new products will only be a temporary issue. Eventually, all products purchased new will have updates beyond iOS 16.2, macOS Ventura 13.1, etc. already installed, which will enable new device setup with Advanced Data Protection enabled.