Apple added iCloud Data Recovery in iOS 15 / iPadOS 15 and macOS 12 Monterey. They’ve marked this as an important new feature to help you if you’ve lost access to devices connected to your Apple ID account and you don’t want to lose all your iCloud synced data and access to your Apple ID account. Designate trusted contacts—friends, family, colleagues, attorney, whatever—and you can turn to them to activate a backup plan for the worst.
However, the service had a major limitation: It could only restore data that was synced in a way that was directly accessible from iCloud.com. You can learn how to do this in Apple’s iCloud data security overview. Only iCloud items listed under Data Protection Standard with “In Transfer and On Server” can be recovered with the help of a trusted contact. The rest was end-to-end encrypted data secured to the device which could not be retrieved. (If you restore a trusted device or unlock a device you thought was locked forever, that device will re-sync data to the new devices you’ve added.)
Apple made this clear when setting up the service: “The iCloud Data Recovery Service can help you restore your data, including photos, notes, reminders, and device backups. … Apple cannot access or help you recover your end-to-end encrypted information, like Keychain and Screen Time and Health data.”
I wrote a column about the limits of the iCloud Data Recovery service and how to enable it again in October 2021; See “How to use iCloud Data Recovery”.
Improvements and features
Apple has made a lot of improvements in the current OS cycle, and many of them are related to iCloud. I found out that this includes the iCloud Data Recovery service, which has a new name and no longer has the restrictions on which data can be accessed on iCloud.
Apple now calls them Assisted Recovery, and Trusted Contacts are now Recovery Contacts. Apple didn’t announce the change, but it happened along with the release of Advanced Data Protection for iCloud data. ADP allows almost all data stored on iCloud to be protected with end-to-end encryption, which is the gold standard. (I found out that the change occurred between December 11th and December 13th, 2022, by consulting the Internet Archive’s Wayback Machine for Apple’s support page on account recovery.)
This makes sense: if you enable ADP, only email, contacts, and calendar entries can be recovered. hardly useful. The rethink affects both standard iCloud accounts and ADP accounts.
The Recovery Service now tells you when you add a contact, “The recovery contact can’t access your data but can help you recover it completely and regain access to your account.” Note the word everyone!
Apple likely makes this happen the same way it does with iCloud Keychain: it uses device passphrases to lock down encryption keys that provide access to iCloud Keychain data. Without having the device passphrase, you cannot sync iCloud Keychain. Assisted Recovery uses data that your contact has mixed with information you own and have access to.
Setting up and using Recovery Assistance is the same as the previous version. The main difference is the version numbers:
- iCloud Data Recovery requires at least iOS 15, iPadOS 15, and macOS 11 Big Sur plus tvOS 15 on all devices signed in to the same iCloud account.
- Assisted Recovery extends this on macOS, which must be Monterey 12.0 or later, and requires watchOS 8 if you have a watch.
Ask Mac 911
We’ve put together a list of frequently asked questions, along with answers and links to columns: read our FAQ to see if your question is covered. If not, we are always looking for new problems to solve! I’m emailing you at mac911@macworld.com, including screenshots as applicable and if you’d like to use your full name. Not every question will be answered, we don’t respond to email, and we can’t provide direct troubleshooting tips.