iPhone data encrypts automatically with a passcode. Advanced Data Protection extends end-to-end encryption to iCloud backups and photos.
A passcode turns your iPhone into an encrypted device, scrambling every file and message so that only the correct code unlocks them. The question of how to encrypt iPhone data has a two-part answer on modern iPhones: device encryption happens automatically the moment you set a passcode, and a separate setting—Advanced Data Protection—extends end-to-end encryption to most iCloud data. Most people already have the first layer active without knowing it.
Is Your iPhone Already Encrypted?
Yes, if you have a passcode enabled. Apple’s security design encrypts the entire device by default when a passcode, Face ID, or Touch ID is active. The only scenario where an iPhone stores data without encryption is when no passcode has ever been set — a rare state on any modern phone.
To verify: open Settings > Face ID & Passcode (or Touch ID & Passcode on older models) and enter your current code. Scroll to the very bottom of that screen. If you see the line confirming “Data protection is enabled,” your on-device data is encrypted and the system is working as designed.
How To Set or Strengthen Your Passcode
The passcode is the single key that unlocks all on-device encryption, so its strength matters. A longer or more complex code makes it dramatically harder for anyone with physical access to decrypt the phone.
To change or set a stronger passcode:
- Go to Settings > Face ID & Passcode (or Touch ID & Passcode).
- Tap Change Passcode (or Set Passcode if none exists).
- Tap Passcode Options and select Custom Alphanumeric Code for the strongest option, or Custom Numeric Code for a longer number-only code that still beats the default six digits.
- Enter and confirm your new code. The screen will show “Data protection is enabled” once it is active.
Aim for at least eight characters with a mix of letters and numbers if you choose alphanumeric. The extra seconds spent typing a longer code are the cheapest security upgrade available.
Encrypting Your iPhone Data: The Two Layers You Should Know
Apple divides iPhone data encryption into two distinct layers. The first is the automatic device encryption controlled by your passcode — it protects everything stored locally on the phone. The second is iCloud encryption, which protects data Apple stores on its servers. Standard iCloud protection encrypts data but Apple holds the keys. Advanced Data Protection (ADP) shifts that control to you, so not even Apple can read the protected content.
Apple introduced ADP in the United States in December 2022 and made it available globally in January 2023. It requires minimum software versions on every device tied to your Apple Account: iOS 16.3, iPadOS 16.3, macOS 13.2, tvOS 16.3, and watchOS 9.3.
What Data Does ADP Cover?
ADP extends end-to-end encryption to the majority of iCloud data categories, changing who can access that information. The table below shows how protection levels shift for common data types.
| Data Type | Standard iCloud Protection | With Advanced Data Protection |
|---|---|---|
| iCloud Backups | Encrypted (keys with Apple) | End-to-end encrypted |
| iCloud Photos | Encrypted (keys with Apple) | End-to-end encrypted |
| iCloud Drive files | Encrypted (keys with Apple) | End-to-end encrypted |
| Messages in iCloud | End-to-end* (depends on backup state) | End-to-end encrypted |
| Notes | Encrypted (keys with Apple) | End-to-end encrypted |
| Reminders | Encrypted (keys with Apple) | End-to-end encrypted |
| Voice Memos | Encrypted (keys with Apple) | End-to-end encrypted |
*Messages in iCloud is end-to-end encrypted by default only when iCloud Backup is turned off. With ADP, Messages—including backup copies—stays end-to-end encrypted regardless of the backup setting.
What Stays Outside End-to-End Encryption
Three iCloud categories remain outside ADP’s protection for compatibility reasons. Mail, Contacts, and Calendars are always encrypted on Apple’s servers during transit and storage, but they are not end-to-end encrypted because those data types need to integrate with third-party services, protocols, and non-Apple devices. If you use any of those through iCloud, they remain accessible to Apple and any integrated service.
How To Turn On Advanced Data Protection
Before starting, confirm that every Apple device on your account is updated to the required OS versions and that two-factor authentication is enabled on your Apple Account. Without those two prerequisites, the option will not appear or will fail to activate.
Steps to enable ADP on iPhone:
- Open Settings and tap your name at the top.
- Tap iCloud, then scroll down and tap Advanced Data Protection.
- Tap Turn On Advanced Data Protection.
- Tap Account Recovery and choose one recovery method: a recovery contact (a trusted person who can help you regain access) or a 28-character recovery key that you generate and store securely. If you choose the key, the setup flow will ask you to re-enter it before proceeding.
- Follow the remaining on-screen prompts. ADP activates once the system confirms all your devices meet the requirements.
The EFF’s iPhone encryption guide covers each step in detail and explains what to expect during the recovery setup.
Prerequisites and Limits
A few hard requirements must be met before ADP can activate. The table below lists every condition.
| Requirement | Details |
|---|---|
| Two-factor authentication | Must be enabled on your Apple Account |
| iOS version | 16.3 or later on all iPhones |
| iPadOS version | 16.3 or later on all iPads |
| macOS version | 13.2 or later on all Macs |
| Other Apple devices | tvOS 16.3+, watchOS 9.3+ |
| Recovery method | Recovery contact or 28-character recovery key |
| All devices current | Every device on the account must meet the minimum OS version |
If any device tied to your account cannot be updated to the minimum OS version, you will need to remove it from the account before ADP can activate. This is the most common blocker during setup.
Common Mistakes and How To Avoid Them
Thinking the phone is unencrypted without ADP. Device encryption is automatic with any passcode. ADP enhances iCloud security — it does not replace the local encryption already running on your phone.
Enabling ADP without a recovery plan. Losing your Apple Account credentials without a recovery contact or recovery key means losing access to all ADP-protected data permanently. Apple cannot reset or bypass this protection by design. Store the recovery key in a password manager or print a copy and lock it in a safe.
Ignoring the device-update requirement. ADP will not activate until every device on the account meets the minimum OS version. An old iPad on iPadOS 15 sitting in a drawer can block the entire setup.
Assuming ADP covers everything. Mail, Contacts, and Calendars remain outside end-to-end encryption. If those categories hold sensitive information, consider whether alternatives or additional protections are needed.
Checklist — Encrypting Your iPhone Data
Use this sequence to confirm both encryption layers are active.
- Set a strong passcode in Settings > Face ID & Passcode — an alphanumeric code is best.
- Confirm “Data protection is enabled” appears at the bottom of the same screen.
- Update every Apple device on your account to the required OS versions.
- Enable two-factor authentication on your Apple Account if it is not already active.
- Go to Settings > [your name] > iCloud > Advanced Data Protection and follow the setup prompts.
- Choose a recovery contact or generate a 28-character recovery key and store it in a safe place.
That covers both layers: the automatic device encryption that runs whenever the phone is locked, and the optional iCloud end-to-end protection that keeps your backups, photos, and documents readable only by you.
References & Sources
- Electronic Frontier Foundation. “How To Encrypt Your iPhone.” Practical step-by-step guide covering device encryption and Advanced Data Protection.