Apple added iCloud Data Recovery Service in iOS 15/iPadOS 15 and macOS 12 Monterey. They marked this an important new feature to help you in case you lost access to devices connected to your Apple ID account and didn’t want to lose all your iCloud-synced data and your Apple ID account access. Appoint trusted contacts—friends, family, colleagues, a lawyer, whomever—and you could turn to them to activate a backup plan in the worst case.
However, the service had a significant limitation: it could only restore data that was synced in such a way it was directly accessible from iCloud.com. You can see how in Apple’s iCloud data security overview. Only your iCloud stuff listed under “standard data protection” with “in transit & on server” could be recovered through the help of a trusted contact. The rest was device-locked end-to-end encrypted data that could be irretrievable. (If you recovered a trusted device or unlocked one you thought was locked forever, that device would resync data to new hardware you added.)
Apple made this explicit when you set up the service: “iCloud Data Recovery Service can help you get your data back, including photos, notes, reminders and device backups.…Apple cannot access or help you recover your end-to-end encrypted information, such as Keychain, Screen Time and Health data.”
I wrote a column on the limits of iCloud Data Recovery Service and how to enable it back in October 2021; see “How to use iCloud Data Recovery Service.”
Improvements and features
Apple has slipstreamed a lot of improvements in the current operating system cycle, many related to iCloud. I’ve discovered that includes iCloud Data Recovery Service, which has a new name and no longer has the iCloud-accessible data limitation.
Apple now calls it Recovery Assistance, and your trusted contacts are now “recovery contacts.” Apple didn’t announce the change, but it occurred along with the release of Advanced Data Protection for iCloud data. ADP allows nearly all iCloud-stored data to be protected with end-to-end encryption, the gold standard. (I figured out the change happened between Dec. 11 and Dec. 13, 2022, by consulting the Internet Archive’s Wayback Machine for Apple’s support page on account recovery.)
This makes sense: if you enabled ADP, only email, contacts, and calendar entries could be recoverable. Hardly useful. The rethink affects both standard and ADP-configured iCloud accounts.
Recovery Assistance now tells you when you add a contact, “Your recovery contact can’t access your data but can help you recover all of it and regain access to your account.” Note the word all!
Apple likely makes this happen through the same method it uses with iCloud Keychain: it uses device passphrases to lock away encryption keys that provide access to iCloud Keychain data. Without possessing a device passphrase, you can’t sync iCloud Keychain. Recovery Assistance makes use of data your recovery contact has mixed with information you possess and have access to.
The setup and use of Recovery Assistance are identical to the older version. The main difference is version numbers:
- iCloud Data Recovery Service requires a minimum of iOS 15, iPadOS 15, macOS 11 Big Sur, as well as tvOS 15 on all devices logged into the same iCloud account.
- Recovery Assistance ups that for macOS, which has to be 12.0 Monterey or later, and requires watchOS 8 if you have a Watch.
Ask Mac 911
We’ve compiled a list of the questions we get asked most frequently, along with answers and links to columns: read our super FAQ to see if your question is covered. If not, we’re always looking for new problems to solve! Email yours to mac911@macworld.com, including screen captures as appropriate and whether you want your full name used. Not every question will be answered, we don’t reply to email, and we cannot provide direct troubleshooting advice.