Apple plans to tighten up its iCloud email encryption, following a report by NPR that runs down a new trend toward security by popular companies.
“Yahoo began encrypting email by default. Google added encryption between its datacenters. Microsoft, Twitter and Facebook all took steps to make it harder for messages you send on their services to be intercepted…” (Via NPR)
“Apple is one of the few global email providers based in the U.S. that is not encrypting any of its customers' email in transit between providers,” NPR writes. “After we published, the company told us this would soon change.”
Apple says iCloud email IS encrypted when it’s going between iCloud accounts. The security hole appears when an iCloud email gets sent to, say, a Gmail account, or comes in from a Yahoo address.
MacRumors explains: for encryption to work, it needs support from both ends. “Both email services involved (such as Apple and Google or Apple and Yahoo) must implement encryption, which means Apple will need to work with other email providers for true end-to-end encryption of iCloud.com email.”
The good news is half that groundwork is already done, according to NPR. It’s just a matter of Apple plugging its email into existing encrypted services.
Apple didn’t indicate exactly when it would add the fresh layer of security, but in the meantime, Google is keeping an eye on encryption practices for a range of email providers — including iCloud — in its own transparency report.