14 DAY TRIAL // Inbound emails from Google or Yahoo are currently not encrypted when sent over to an iCloud email account. This also applies to outgoing emails to addresses other than me.com/icloud.com. However, Apple will soon take steps to remedy this situation.
Apple is actually “one of the few global email providers based in the U.S. that is not encrypting any of its customers' email in transit between providers,” according to a profile on NPR.
Looking at how tech companies protect user data from the likes of NSA, the network caught Apple’s attention with its report “...the company told us this would soon change. This affects users of me.com and mac.com email addresses.”
The Cupertino giant currently encrypts iMessages end to end, and it is also making it more difficult to track its users’ identity on Wi-Fi networks with iOS 8 (scrambling MAC addresses), coming this fall. Emails coming and going within the walls of iCloud are also safe from eavesdropping.
However, data packets coming from outside Apple’s walled garden are not.
Further investigations have shown that “many app installations and iOS updates are sent unencrypted to iPhones,” while “the configuration files that let your telecom company control aspects of how your iPhone works is also unencrypted.” As far as these updates are concerned, Apple says it can’t do anything about them.
Finally, all browsing/shopping traffic from the Apple Store before the user logs on with an account is unencrypted as well. The company has not provided a date for when all this will be fixed.
According to Apple’s Support site, “iCloud secures your data by encrypting it when it is sent over the Internet, storing it in an encrypted format when kept on server (review the table below for detail), and using secure tokens for authentication.”
“This means that your data is protected from unauthorized access both while it is being transmitted to your devices and when it is stored in the cloud. iCloud uses a minimum of 128-bit AES encryption—the same level of security employed by major financial institutions—and never provides encryption keys to any third parties,” the company adds.
However, Apple fails to mention that the same thing doesn’t apply to messages and attachments sent over to and from other email providers. The Mac maker will not only have to take steps internally to remedy the situation, but it will also have to team up with Google, Yahoo, and other email providers to address the encryption problem.