Author Archives: Dario Salice

Improving the Advanced Protection Program for iOS users

Last October, Google launched the Advanced Protection Program, our strongest level of account security, designed to protect the overlooked segment of our users who face an increased risk of sophisticated attacks. These users may be journalists, activists, business leaders, political campaign teams, and others who feel especially vulnerable.

Today we’re announcing that Advanced Protection now supports Apple’s native applications on iOS devices, including Apple Mail, Calendar, and Contacts. This allows iOS users to enroll in the program without having to adjust how they use Google services on their Apple devices.

To protect you from accidentally sharing your most sensitive data with fraudulent apps or web services, Advanced Protection places automatic limits on which apps can gain access to your Google data. Before today, this meant that only Google applications were able to access your data if you were enrolled in the program.

With today’s update, you can now choose to allow Apple’s native iOS applications to access your Gmail, Calendar, and Contacts data. When you sign into iOS native applications with your Google account, you will get instructions on how to complete the sign-in process if you’re enrolled in Advanced Protection. We’ll continue to expand the list of trusted applications that can access Google data in the future. 

Layers of security protections

In addition to these updates, you’ll continue to benefit from Advanced Protection’s other safeguards. To provide you with the strongest defense against phishing, Advanced Protection goes further than traditional 2-Step Verification, requiring you to use a physical Security Key to sign back into your account after you’ve logged out, or anytime you sign in on a new device. Advanced Protection also helps block fraudulent access to your account by adding extra steps to the account recovery process to prevent people from impersonating you and pretending they’ve been locked out of your account.

Our goal is to make sure that any user facing an increased risk of online attacks enrolls in the Advanced Protection Program. Today, we’ve made it easier for our iOS users to be in the program, and we’ll continue our work to make the program more easily accessible to users around the globe. Get started at google.com/advancedprotection.

Google’s strongest security, for those who need it most

Editor’s note: October is Cybersecurity Awareness Month, and we're celebrating with a series of security announcements this week.


When operating at the scale of Google, we usually strive to build products that serve the needs of billions of people. Today we’re introducing a different kind of product—one that we specifically tailored to protect the online security of a much smaller set of users.


We took this unusual step because there is an overlooked minority of our users that are at particularly high risk of targeted online attacks. For example, these might be campaign staffers preparing for an upcoming election, journalists who need to protect the confidentiality of their sources, or people in abusive relationships seeking safety. Sometimes even the most careful and security-minded users are successfully attacked through phishing scams, especially if those phishing scams were individually targeted at the user in question.


To address this need, we’re introducing the Advanced Protection Program. Advanced Protection provides Google’s strongest security, designed for those who are at an elevated risk of attack and are willing to trade off a bit of convenience for more protection of their personal Google Accounts.


Once you enroll in Advanced Protection, we’ll continually update the security of your account to meet emerging threats—meaning Advanced Protection will always use the strongest defenses that Google has to offer.


At the start, the program focuses on three core defenses.


The strongest defense against phishing: Advanced Protection requires the use of Security Keys to sign into your account. Security Keys are small USB or wireless devices and have long been considered the most secure version of 2-Step Verification, and the best protection against phishing. They use public-key cryptography and digital signatures to prove to Google that it’s really you. An attacker who doesn’t have your Security Key is automatically blocked, even if they have your password.


Protecting your most sensitive data from accidental sharing: Sometimes people inadvertently grant malicious applications access to their Google data. Advanced Protection prevents this by automatically limiting full access to your Gmail and Drive to specific apps. For now, these will only be Google apps, but we expect to expand these in the future.

Blocking fraudulent account access: Another common way hackers try to access your account is by impersonating you and pretending they have been locked out. For Advanced Protection users, extra steps will be put in place to prevent this during the account recovery process—including additional reviews and requests for more details about why you've lost access to your account.
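The Security Key check from the first defense above can be sketched in a few lines of Node.js. This is an added illustration, not part of the original post and not Google's implementation or the U2F wire format. The helper names, origins and password are constructed, and the assumption is a P-256 key that signs the server's challenge together with a hash of the origin the browser saw.

```javascript
const nodeCrypto = require('node:crypto');

const sha256 = (data) => nodeCrypto.createHash('sha256').update(data).digest();
// Bytes that get signed: hash of the origin the browser saw, then the challenge.
const signedData = (origin, challenge) => Buffer.concat([sha256(origin), challenge]);

// Security Key model (hypothetical): the private key stays inside this closure.
function makeSecurityKey() {
  const { publicKey, privateKey } =
    nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  const sign = (origin, challenge) =>
    nodeCrypto.sign('sha256', signedData(origin, challenge), privateKey);
  return { publicKey, sign }; // publicKey is given to the server at enrollment
}

// Server model (hypothetical): knows the password and the enrolled public key only.
function makeServer(origin, password, enrolledKey) {
  let pending = null;
  return {
    newChallenge() { pending = nodeCrypto.randomBytes(32); return pending; },
    verifySignIn(suppliedPassword, signature) {
      const challenge = pending;
      pending = null; // a challenge is accepted once
      if (!challenge) return false;
      const passwordOk =
        nodeCrypto.timingSafeEqual(sha256(suppliedPassword), sha256(password));
      return passwordOk &&
        nodeCrypto.verify('sha256', signedData(origin, challenge), enrolledKey, signature);
    },
  };
}

function runScenarios() {
  const ORIGIN = 'https://accounts.example';          // constructed
  const LOOKALIKE = 'https://accounts-example.test';  // constructed
  const PASSWORD = 'correct horse battery';           // constructed
  const userKey = makeSecurityKey();
  const otherKey = makeSecurityKey();                 // never enrolled on the account
  const server = makeServer(ORIGIN, PASSWORD, userKey.publicKey);

  const goodSig = userKey.sign(ORIGIN, server.newChallenge());
  const legit = server.verifySignIn(PASSWORD, goodSig);
  // Correct password, but signed by a key the account never enrolled.
  const passwordOnly = server.verifySignIn(PASSWORD, otherKey.sign(ORIGIN, server.newChallenge()));
  // Enrolled key, but the browser was on a look-alike origin when it signed.
  const wrongOrigin = server.verifySignIn(PASSWORD, userKey.sign(LOOKALIKE, server.newChallenge()));
  // An earlier valid signature presented against a fresh challenge.
  server.newChallenge();
  const replayed = server.verifySignIn(PASSWORD, goodSig);
  return { legit, passwordOnly, wrongOrigin, replayed };
}
```

Only the first sign-in is accepted: a correct password without the enrolled key, a signature made on a different origin, and a reused signature are all rejected by the same verification step.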

We've been testing Advanced Protection for the last several weeks and learning from people like Andrew Ford Lyons, a Technologist at Internews, an international nonprofit organization that has supported the development of thousands of media outlets worldwide. “Journalists, human rights defenders, environment campaigners and civil society activists working on any number of sensitive issues can quickly find themselves targeted by well-resourced and highly capable adversaries,” says Andrew. “For those whose work may cause their profile to become more visible, setting this up could be seen as an essential preventative step.” The testers’ feedback was hugely helpful; we’re very appreciative of the time they spent with the product.


Anyone with a personal Google Account can enroll in Advanced Protection. Today, you’ll need Chrome to sign up for Advanced Protection because it supports the U2F standard for Security Keys. We expect other browsers to incorporate this soon.


For now, Advanced Protection is only available for consumer Google Accounts. To provide comparable protections on G Suite Accounts, G Suite admins can look into Security Key Enforcement and OAuth apps whitelisting.


Sign up for Advanced Protection at g.co/advancedprotection.