Apple has followed through with its plans of adding end-to-end encryption to iCloud emails sent and received from third-party platforms like Gmail and Yahoo. The company previously only encrypted emails sent between iCloud users, but it has moved swiftly to secure emails in transit between other providers after being called out in a recent NPR article.
The changes are reflected on Google’s transparency website, with a chart revealing that all incoming and outgoing iCloud emails are 100-percent encrypted. So if you have an iCloud.com, Me.com or Mac.com email address, all emails that you send or receive between Gmail, Yahoo or other third-party services should be much more secure, which is good news.
Nevertheless, the NPR found that Apple still has unencrypted data in other areas:
“We found that many app installations and iOS updates are sent unencrypted to iPhones. The configuration files that let your telecom company control aspects of how your iPhone works is also unencrypted. Apple says these updates are authenticated and can’t be changed. All pre-login browsing/shopping traffic from the Apple Store is unencrypted, including all HTML content, images, etc. So if you are a huge Abba fan the NSA could find out.”
A translated German report from Heise.de claims that Apple is using RC4-128 as its encryption algorithm, which is said to be less secure than AES-128.
Apple should make further security improvements in iOS 8 and OS X Yosemite, both of which will be released later this year.