Enabling an iPhone’s built-in encryption is tied to setting a device passcode, with an optional layer for iCloud data through Advanced Data Protection.
An iPhone is already encrypted the moment you set a passcode. That protect-something-in-sight encryption locks the data sitting on your device so a thief who picks up your phone can’t read your photos, messages, or files without that code. The common question — “how to encrypt an iPhone” — usually means two things: verifying that device encryption is active and deciding whether to extend encryption to your iCloud backups with Advanced Data Protection. The setup steps for each are short, but the choices matter.
Does An iPhone Have Encryption By Default?
Yes, but only for data stored directly on the device. Apple’s data protection system is enabled automatically when you have a passcode active — that includes a 4- or 6-digit code, a custom numeric code, or an alphanumeric password. The hardware encrypts the contents using the passcode as part of the key, so someone with physical access cannot read the storage without it. If you never set a passcode, device encryption is not active.
How To Check If Your iPhone Is Encrypted
You can confirm device encryption in two taps. Open Settings and tap Face ID & Passcode (or Touch ID & Passcode on older models). Enter your passcode, then scroll to the very bottom of that screen. If you see the line “Data protection is enabled,” your device encryption is active. If you don’t see it, you need to set a passcode first.
Device Encryption vs iCloud Encryption: The Two Layers
Device encryption and iCloud encryption are different protections, and confusing them is the most common mistake. The table below shows what each layer covers.
| Protection Layer | What It Encrypts | How To Activate |
|---|---|---|
| Device encryption (Data Protection) | All data stored locally on the iPhone — photos, messages, app data, files | Set a passcode in Settings > Face ID & Passcode |
| Standard iCloud encryption | Data in transit to Apple’s servers and on those servers (14 categories end-to-end encrypted) | Active by default with your Apple ID; no extra step |
| Advanced Data Protection | iCloud data that previously was only encrypted in transit and on servers — becomes end-to-end encrypted (23 categories total) | Optional; must be turned on in iCloud settings (iOS 16.2+) |
How To Turn On Advanced Data Protection For iCloud
Advanced Data Protection extends end-to-end encryption to more iCloud categories, including iCloud Backup, Photos, Notes, and Messages in iCloud. Before you start, make sure you are running iOS 16.2 or later and that your Apple ID has two-factor authentication enabled. You will also need to set up an account recovery method if you haven’t already — either a Recovery Contact or a Recovery Key.
Step 1: Update Your Devices
Every Apple device signed into your Apple ID needs to be on a supported version. EFF recommends at least iOS 16.3, iPadOS 16.3, macOS 13.2, tvOS 16.3, and watchOS 9.3 for the feature to work consistently across your account. Check for updates in Settings > General > Software Update on iPhone before proceeding.
Step 2: Enable Account Recovery
If you have not set up a recovery method, go to Settings > [your name] > Sign-In & Security > Account Recovery. Tap Set Up Account Recovery and follow the onscreen instructions. You can choose a Recovery Contact (a trusted person who can help you regain access) or generate a Recovery Key (a 28-character code you must save somewhere safe). If you lose the Recovery Key and have no Recovery Contact, Apple cannot help you recover your account — this is a serious dependency.
Step 3: Turn On Advanced Data Protection
Once your devices are updated and recovery is configured, go to Settings > [your name] > iCloud. Scroll down and tap Advanced Data Protection, then tap Turn On Advanced Data Protection. You may be prompted to update other devices or confirm your recovery setup. Follow the onscreen prompts until the feature is active. A you will see “Advanced Data Protection: On” on that same screen.
What Data Is Not Covered By Advanced Data Protection
Even with Advanced Data Protection enabled, some iCloud data stays encrypted only in transit and on Apple’s servers, not end-to-end. Mail, Contacts, and Calendars remain unencrypted for compatibility with third-party services and email protocols. Apple has confirmed that these categories are excluded from the end-to-end encryption upgrade.
Common Mistakes That Break The Protection
- Assuming Advanced Data Protection encrypts the local device. It does not. The device is protected by your passcode; ADP protects specific iCloud data. They are separate.
- Turning it on without setting up account recovery first. The setup flow will stop you, but users sometimes bypass it and later get locked out. Always configure a Recovery Contact or Recovery Key beforehand.
- Losing the Recovery Key. If you use a Recovery Key and lose the code without a Recovery Contact in place, your data becomes permanently inaccessible. Store the key in a password manager or a physical safe.
- Thinking every Apple service is now end-to-end encrypted. iCloud Mail, Contacts, and Calendars are not covered. This is by design to keep them interoperable with non-Apple apps.
Which Encryption Options Should You Use?
The decision is straightforward. If you only care about securing the phone against a thief, a strong passcode is enough. If you want your iCloud backups, photos, and messages protected from Apple or a data breach, turn on Advanced Data Protection. The table below shows the practical differences at a glance.
| Protection Choice | Who It Protects Against | Key Trade-Off |
|---|---|---|
| Passcode only | Someone with physical access to your phone | iCloud data is not end-to-end encrypted; Apple can decrypt it if legally compelled |
| Passcode + Advanced Data Protection | Physical access + Apple/cloud provider access + many data-breach scenarios | Must manage a Recovery Contact or Recovery Key; losing it means permanent data loss |
Final Checklist: Encrypting Your iPhone Right
Whether you stick with the default device encryption or add the iCloud layer, here is the exact sequence to follow.
- Set a passcode in Settings > Face ID & Passcode — device encryption is now active.
- Verify it by scrolling to the bottom of that same screen. You should see “Data protection is enabled.”
- Update your devices to at least iOS 16.2 or later (preferably 16.3+).
- Enable two-factor authentication on your Apple ID if it is not already on.
- If you want Advanced Data Protection, set up Account Recovery with a Recovery Contact or generate and safely store a Recovery Key.
- Turn on Advanced Data Protection in Settings > [your name] > iCloud > Advanced Data Protection.
- Confirm the feature is on — the screen will toggle to “On” and will show your recovery method.
References & Sources
- Apple Support. “Use Advanced Data Protection for iCloud.” Official Apple setup steps and requirements for Advanced Data Protection.
- EFF (Electronic Frontier Foundation). “How to Enable Advanced Data Protection on iOS and Why You Should.” Detailed walkthrough with caveats about Recovery Key risks and excluded data types.
- EFF Surveillance Self-Defense. “How to Encrypt Your iPhone.” Independent guidance on verifying device encryption and passcode requirements.
- Lifewire. “How to Encrypt an iPhone.” Confirms the passcode-to-encryption relationship and the “Data protection is enabled” check.