Apple confirmed last month that it would soon begin increasing the encryption protection for iCloud email after a report detailed security flaws in major emails was released. Apple had previously only encrypted emails sent between iCloud users, and the company has now added that encryption to emails sent between iCloud and third-party services for me. com and mac.com email addresses.
9to5Mac notes the change is shown on Google’s transparency website that shows the percentage of emails encrypted in transit for both inbound and outbound email exchanges (pictured above).
Apple has yet to officially confirm the changes.
Apple was one of the last global email providers based in the US not providing encryption for email between providers. There are concerns that Apple’s method of encryption may not be as secure as had been hoped. A report from heist.de says Apple is using a RC4 encryption algorithm that doesn’t protect well against eavesdropping.
A security researcher contacted by 9to5Mac said the version of RC4 that Apple is believed to be using, (RC4-128), is far weaker than AES-128, and also noted that it is possible that the NSA has already broken RC4-128, although that had not as yet been proven.