June 14, 2014
Apple is working to implement iCloud email encryption in transit between service providers, as confirmed by the company to NPR. Yesterday, NPR published a report stating that Apple doesn't encrypt email in transit between providers. This means that while emails sent from an iCloud email address to another are duly encrypted, emails sent from iCloud to other email providers (e.g. Gmail and Yahoo! Mail) are not. However, apparently after being made aware of the report, Apple told NPR that it's planning to remedy the security oversight. According to NPR:
Apple encrypts e-mail from its customers to iCloud. However, Apple is one of the few global email providers based in the U.S. that is not encrypting any of its customers' email in transit between providers. After we published, the company told us this would soon change. This affects users of me.com and mac.com email addresses.As noted by 9to5Mac, there's no mention of the newer iCloud.com email addresses in Apple's response. But it's likely that Apple's encryption plans also include iCloud.com email addresses, which have been found to also lack end-to-end encryption. For end-to-end encryption of emails between providers to be implemented, both concerned providers must use encryption. Given this condition, Apple has to collaborate with other email providers (e.g. Google and Yahoo) for its encryption plans to come to fruition. See also: Apple Lets Users Tap Into Safari's Passwords & AutoFill To Log In To Apps In iOS 8, Apple Removes Fake And Purchased App Review Ratings From The App Store, and Siri, Take Note: Microsoft May Bring The Cortana Voice Assistant To iOS Devices.