Apple’s Advanced Data Protection Gives You More Keys to iCloud Data
Critics of cloud services often point—with a bit of finger-wagging—at the fact that cloud-stored data is theoretically vulnerable to being stolen by bad guys and handed over in response to government requests. That’s true even if the data is encrypted in transit to and from user devices and at rest on the company’s servers as long as the company maintains the encryption key necessary to decrypt the data.
The solution is conceptually simple—allow the user to generate and control all the encryption keys, a technique called end-to-end encryption. When that’s true, the data is unreadable to anyone other than the user. Risks of eavesdropping, theft, and government overreach are greatly reduced. However, the user then has the ultimate responsibility to remember and protect those keys, and if something goes wrong, there is absolutely no recourse—without the appropriate key, the data is effectively gone. And yes, that happens all the time, much as with the people who forget their crypto wallet password and lose millions in funny money.
For some time, Apple has provided end-to-end encryption for 14 of the 26 types of iCloud data, including Health data, Passwords and Keychain, Apple Card transactions, and more. You may not realize that you control the encryption keys for those data types because Apple has integrated them into the overall security infrastructure underpinning its devices, operating systems, and online services. That’s why it’s so important to remember your iPhone/iPad passcode and Mac login password.
But for the twelve remaining types of iCloud data—iCloud Mail, Contacts, Calendars, iCloud Backup, iCloud Drive, Photos, Notes, Reminders, Safari Bookmarks, Siri Shortcuts, Voice Memos, and Wallet passes—Apple stores the encryption keys in Hardware Security Modules in its data centers.
For iCloud Mail, Contacts, and Calendars, the need to interoperate with external email, contacts, and calendar systems requires that Apple manage the encryption keys. For the other nine, Apple’s control of the encryption keys enables the company to recover data for users who forget their passwords and have no fallback. (In such a situation, the end-to-end encrypted data types are lost.) But, of course, it also theoretically leaves that data vulnerable to hackers and law enforcement. iCloud Backup, which includes the encryption key for the otherwise end-to-end–encrypted Messages in iCloud, and Photos are the main data types to worry about in that list.
Very soon, those concerned about Apple holding their encryption keys will have some relief.
Enter Advanced Data Protection
Apple has announced Advanced Data Protection for iCloud, a major upgrade to iCloud security that provides end-to-end encryption for the nine data types previously mentioned. Advanced Data Protection is optional—you must explicitly enable it—because it prevents Apple from recovering your data. That seems like a reasonable tradeoff because the people who are the most likely to forget their passwords and need recovery help from Apple are probably less likely to have problems with hackers or law enforcement.
When you set up Advanced Data Protection, you’ll be prompted to set up alternate recovery methods, such as an account recovery contact or a printed recovery key, and you must set up at least one. Apple isn’t going to make it easy for you to lose your data.
Luckily, it’s not a one-way street. If you ever decide that you’d prefer Apple’s recovery help to end-to-end encryption of things like iCloud Backup, you can turn Advanced Data Protection off with no data loss.
There are several technical consequences associated with enabling Advanced Data Protection beyond it not protecting iCloud Mail, Contacts, and Calendars:
- iCloud.com Web access: Turning on Advanced Data Protection automatically disables Web access to data at iCloud.com due to Apple’s keys having been invalidated. You can turn Web access back on using a trusted device, but every visit to iCloud.com requires authorization from a trusted device, and the connection passes only normally accessible iCloud.com data (not Health, for instance) and only for an hour. If you make heavy use of iCloud.com, Advanced Data Protection may be burdensome.
- Data sharing: When you share notes, reminders, and iCloud Drive folders or use iCloud Shared Photo Library, all the data remains end-to-end encrypted and available only on the participants’ devices as long as all users involved in sharing have Advanced Data Protection turned on. Sharing with anyone who’s not using Advanced Data Protection or using the “anyone with a link” option when sharing makes the content available to Apple servers using Apple-controlled keys.
- Collaboration: The iWork collaboration capabilities and the Shared Albums feature of Photos don’t support Advanced Data Protection. The real-time collaboration in iWork requires server-side mediation to coordinate document changes, so Apple has to maintain those keys. Since Shared Albums can be publicly shared on the Web, Apple also has to manage keys for that data.
- Third-party apps: Developers whose apps share data via iCloud must mark CloudKit fields as encrypted to have them protected by Advanced Data Protection, and it automatically protects all CloudKit assets.
- Metadata: For iCloud interface and optimization reasons, Apple retains the keys for some metadata associated with iCloud data types that are otherwise protected by Advanced Data Protection. That includes, for instance, the name, model, color, and serial number of the device associated with each backup and a list of apps and file formats included in the backup. Apple says it is working to include more metadata in Advanced Data Protection.
Advanced Data Protection Requirements and Timing
To enable Advanced Data Protection, your account must have two-factor authentication enabled for your Apple ID and a passcode or password set on your devices. Apple says that over 95% of active iCloud accounts use two-factor authentication. (And if you don’t have a passcode on your iPhone for some unfathomable reason, set one immediately. I’m looking at you, Alex.)
More problematic is Advanced Data Protection’s requirement that all devices where you’re signed in with your Apple ID must be updated to iOS 16.2, iPadOS 16.2, macOS 13.1, tvOS 16.2, watchOS 9.2, or the latest version of iCloud for Windows. That’s because older versions wouldn’t know to maintain newly created keys on the device and would try to upload them to Apple’s servers in what the company calls “a misguided attempt to repair the account state.” As a result, you’ll have to sign out of iCloud on any device too old to upgrade to the necessary operating system version. (This requirement may be a deal-breaker for me since I have numerous elderly devices that remain in some level of use.)
Unsurprisingly, Advanced Data Protection is available only for regular Apple IDs. Managed Apple IDs (for employees to use for business purposes or instructors and students to use for educational purposes) and child accounts can’t enable the option.
Apple says Advanced Data Protection for iCloud is available now for those testing betas of Apple’s operating systems and will be available for all US users by the end of 2022. It will start rolling out to users in the rest of the world in early 2023 and may be available worldwide by the end of 2023.
Downstream Effects of Advanced Data Protection
In an interview with Joanna Stern of the Wall Street Journal, Apple’s Craig Federighi said that the global release would include China, and he hadn’t heard complaints from the Chinese government, which generally frowns on technology that prevents state surveillance. It doesn’t seem inconceivable that China allowed Apple to provide Advanced Data Protection in exchange for a China-specific tweak in the recent iOS 16.1.1, which limits AirDrop from being accessible to “Everyone” for more than 10 minutes (AirDrop was being used by protesters). Betas of iOS 16.2 include the same change for all other iPhone users, which, while nominally a loss of functionality, would prevent random creeps from using AirDrop to send nudes to nearby iPhone users.
Finally, you may also remember the furor surrounding Apple’s botched 2021 proposal to scan on-device images for CSAM—child sexual abuse material. Those perturbed by the privacy implications of Apple’s CSAM-detection proposal called instead for the company to live up to its privacy promises and implement end-to-end encryption for iCloud Photos. Advanced Data Protection does just that, raising the question of the status of Apple’s CSAM plans and prompting an update from Apple.
It seems that I was correct with my second suggestion in “Apple Delays CSAM Detection Launch” (3 September 2021)—that the delay was “a face-saving way for Apple to drop the technology like the hot potato it became.” Apple told Wired (emphasis mine):
After extensive consultation with experts to gather feedback on child protection initiatives we proposed last year, we are deepening our investment in the Communication Safety feature that we first made available in December 2021. We have further decided to not move forward with our previously proposed CSAM detection tool for iCloud Photos. Children can be protected without companies combing through personal data, and we will continue working with governments, child advocates, and other companies to help protect young people, preserve their right to privacy, and make the internet a safer place for children and for us all.
Apple also said it wasn’t ready to announce a specific timeline for expanding its Communication Safety feature, but it is working on enabling Messages to detect nudity in transmitted videos when protection is enabled.
Overall, Advanced Data Protection seems like a major positive move on Apple’s part. Once it ships, I’ll give it a try and see what the practical effect is on old devices that can’t run the latest operating systems.
Apple calls it “Advanced Data Protection”. Coming to US users by end of year (iOS 16.2, macOS 13.1), rollout abroad in 2023. No extra cost. Services then included (beyond those already E2E encrypted such as passwords and health data) will be:
What I’m curious about, is there anything apart from mail, calendar, and contacts that won’t be E2E encrypted once this is active?
Apple has a chart: iCloud data security overview - Apple Support
One thing to note is that things get a little complicated when you share notes, reminder lists, iCloud Drive links or folders, etc. Somehow Apple needs to have a transient key that it uses to allow the info to be read by multiple recipients, but it may be that once the share is established Apple no longer can see the item. I read about it yesterday, I can’t recall the details. (It was something like this that probably made this complicated and take this long to implement.)
I saw this news. I assume that once you activate this, any older Apple equipment (Macs running Monterey or older, iOS 15 or older, etc.) will no longer be able to access iCloud data like Notes.
Good idea, but for me, it’s going to be quite a while before I can enable it since my iPhone is the only Apple device I have running a compatible OS, and my other equipment either can’t be upgraded far enough or I’m deliberately holding off on the updates.
[Brought the posts above into this thread to centralize the discussion—they predate my publishing the article.]
This is great news. It doesn’t quite erase my annoyance at a certain bug, but it does eliminate all but purely economic arguments.
Cyrus IMAP is also a caldav and carddav server. So that’s that sorted. (I’m still very sorry that Apple discontinued Server, though.)
And my 2015 MBP, which will be the biggest casualty of the change, will make a fine full-time Windows box, and has been fetching to take that role for a while now. I wonder how iCloud for Windows will take this?
People focusing on messages seem to forget that the conversation is only as encrypted as all parties to the conversation choose to make it. Apple also announced a feature that warns you if the other end of a conversation recently added a new device (I think that’s what the Contact Key Verification feature does?). I would think it is valuable to the kinds of targets this stuff is designed for to have a warning when you converse with someone who has not enabled ADP. (The counter-argument, I suppose, is that the feature could later be un-enabled. But, then, you could also say any message could be copied out to an unsafe location.)
I would be interested to know if passkeys would make working with iCloud Web a bit less onerous. I’m sure you would need the login flow each time to provide the key to the web client, but that login seems like it could be a good passkey candidate.
From the article:
So does this mean that sharing an iCloud Drive file/folder using an ‘anyone with a link’ option or with someone who happens to not be using ADP (how would you know??), means the e2e is effectively turned OFF for that file/folder?
Surely that could be a problem if it is sensitive information being shared? And how manageable is that going to be (eg. will there be a place to check which files/folders in your iCloud Drive file system are not e2e encrypted, accordingly?).
Lots of questions remain here.
This may stop a lot of users turning ADP on I suspect – presuming this includes the new iCloud Shared Photo Library feature. Although if all your other iCloud Photos outside of the shared albums are still e2e encrypted, that may mitigate the issue somewhat.
It’s still encrypted - but Apple has a key to decipher it. That’s the way all of iCloud works now, and will unless you turn on ADP for your account.
Having not turned on ADP yet, I don’t know if Apple warns you when you share a folder/file that the recipient doesn’t have ADP or not.
This a reference quote about iWork documents not supporting ADP. I didn’t read the article as saying that you can’t use ADP if you want to do iWork file collaboration- I read it as those particular files will not have ADP turned on and that Apple will have keys to decipher them.
@ddmiller is spot on. If you share something with someone not using Advanced Data Protection, the system falls back to Apple’s standard data protection, where everything is encrypted in transit and at rest, but Apple manages the keys.
And neither iWork collaboration nor
iCloud Shared Photo LibraryShared Albums can use Advanced Data Protection at all because of how they must interact with servers and the outside world. Again, they have encryption going on all the time; it’s just that Apple controls the keys.
In my mind, there are only two reasons not to turn on Advanced Data Protection once it becomes available:
You have old devices that can’t upgrade to the necessary version of OS and that you still need connected to your iCloud account.
You’re uncertain of your ability to remember/record/access your login information such that you want Apple to be able to perform account recovery for you if you get locked out.
The iCloud data security overview explicitly states iCloud Shared Photo Library supports Advanced Data Protection if all users have opted in. Did you mean to say Shared Albums?
I would say the other reason not to turn it on is if you access iCloud through the web client frequently. (I’m hoping calendars, email and contacts will be accessible without extra authentication since those are not E2E encrypted, but Apple has not said that will be how it works).
Yep, brain short circuit. Fixed.
And yes, if you use the iCloud.com Web clients a lot, that’s going to be much more annoying with Advanced Data Protection turned on. I don’t know how common that would be.
I do have a few Macs that are stuck on pre-Ventura OSes and for which I don’t necessarily need iCloud connectivity (except for Music, which does, in fact, work fine when you disconnect from iCloud.) So I’m getting myself ready for this going forward to see if I can run those Macs disconnected from iCloud but still have them be useful so I can turn on ADP.
Two of them are Mac Mini that I use basically as iTunes/Music media servers, one of which stores the canonical version of all of our ripped CDs, plus, of course, purchased iTunes tracks and now some tracks from Apple Music. One of them also runs SpamSieve as a spam filtering drone for all of the email accounts we have that don’t have strong server-based spam filtering. (Wonderful product and solution.) For these, I don’t need access to contacts, calendars, iCloud Drive, Notes, Reminders, etc. - I just need the ability to connect to the iTunes Store and to my Apple Music account, plus the email accounts in the Mail app. And, yes, I can do that (this I’ve already been doing on one of the Mac Minis.) I’ve also been using one of the Mac Minis to connect to the iCloud Photos and be the source of backup offsite and to Time Machine, but that I can no longer do after disconnecting from iCloud - for that I have transferred that function to an iMac that can run Ventura and I will use that computer for this.
My bigger issue is my old 2015 MacBook Air which I have kept as a backup to my 2022 MBA, and that I also use during the summer when I am my main home while we have moved up to the summer house with the 2022 MBA. (Yes, I know, first world problems.) The 2015 is stuck at Monterey.
I’m not all that worried about losing access to Messages and FaceTime on the old MBA - I don’t like using Messages on the Mac anyway, and almost all of my FT is from my iPad or iPhone. Reminders - I use this a little, but I’m ok with having them only my phone and iPad. I really don’t need them on my Mac. Notes - this one is tougher. Notes I use mostly as a list of things that I want to read later, but it’s also a convenient way to transfer info between computers. For right now, I am trying out the app Agenda as a Notes replacement for that, and the Notes app itself I’ll use just for ephemeral content (such as scanning documents using the iPhone camera) and for private info that I lock with passcode / FaceID / TouchID.
Also, the iMac I mentioned before is at home, so I can really just use that. The main issue is going to be if the 2022 MBA fails and I need to use the 2015 as a backup until I get it repaired/replaced. (For that actually I think I would just disable ADP temporarily and reconnect to iCloud.)
So to get ready for this, I’ve moved almost all iCloud Drive content to my Sync dot com syncing service (a service similar to Dropbox, but a bit less expensive and with a nicer MacOS app).
As for this:
As I have said, Mail is fine. Calendars I have solved by sharing my calendars to another iCloud account that I will not be turning ADP on and then adding the other iCloud account to Calendars; I can now get calendars on the 2015 MBA.
Contacts: that’s tougher. There seems to be no way to share contacts with another account as you can calendars, Apple doesn’t have shared family account contacts, and I can’t find a way to access an iCloud account from within Contacts unless you are officially connected to it. And my Apple ID is not an iCloud account, so I can just connect to iCloud as a secondary account and sync contacts (unless I have missed something.) But, the truth is, I don’t think that I need this. If I ever need an email address from anywhere, I can just share the actual address in an Agenda note (or email it to myself) and manually add the contact to the 2015 MBA. (I had thought about using my fastmail account as my main contacts repository, but connecting fastmail contacts to iOS seems to be a bit of a pain, requiring either a profile, which I’d rather not do, or a non-SSL carddav server. I could use my old gmail account for contacts, but I’d rather not. I’ll just manually export them and maintain them manually, as listed above.)
Agenda: the first wrench in this plan was that Agenda syncs using iCloud by default to sync. However, it does support syncing via Dropbox, so I’m trying that out. I had to do some manual editing to some notes that wouldn’t sync (just changing their name forced a sync, then I renamed them back).
One last thing that I’ll need to do is go up to the summer house and upgrade the Apple TV there to tvOS 16.2. After that I should be able to try out ADP.
Unless you are 100% on 16.2 and 13.1, this isn’t easy.
I have and use several older Macs stuck as far back as Catalina. But I don’t think I’ll truly be needing iCloud services on those systems. I’ll definitely be trying out ADP as soon as a few days go by without hearing about anything dramatic with these updates.
IMHO the writing is on the wall for local iOS backup to Mac. Looks like Apple has finally successfully bullied me into submission with their most recent shenanigans. If ADP works well and holds its promises, I will be moving to iOS iCloud backup (considering the base 5GB iCloud will suffice for my humble iPhone backup needs). I need only backup so I’ll probably be just fine, but I’m afraid the iMazing crowd is effed.
I agree that the free storage tier should provide enough storage to hold the data for the tasks that Apple forces you to use iCloud (and a bit more to encourage users to try out other products.) That said, the upgrade to 10x the free amount (50Gbps) is only $1(USA)/month ($12/year). That should provide more than enough storage to handle backups from a few oodles on mobile Apple devices. What’s more, it also gives you access to Apple Private Relay and the ‘Hide My Mail’ feature allowing you to quickly create email aliases for anticipated junk.
I wouldn’t dispute that, but, frankly, I will certainly not reward their bullshit bullying tactics with even more revenue. I fork them over more than enough money for hardware every single year already. I have zero interest in most of their “services”. Half is of little to no value to me, the other is crap. Of course, as always, YMMV.
Haha, I’m kinda the other way… already store most docs in iCloud Drive, and would like even higher storage plan maximums than Apple currently offer. But I get you’re point. ;-)
Pardon the slightly OT: if you do not include iMessage in iCloud (say because you only use your one single iPhone for iMessage), does it still get backed up to iCloud such that a new iPhone will pick up all old message threads? Or is that exactly why even with just a single iOS device you’d want iMessage sync turned on with iCloud?
If you have messages in iCloud turned off, the messages get backed up to iCloud, yes. If you have iCloud for messages turned on, it doesn’t duplicate the storage by also backing them up.
I think your best shot in a situation like this where you want access to iCloud data without having to sign in using the Apple authentication framework is just to create an app-specific password for your IMAP/SMTP/CALDAV/CARDDAV access and use standard PLAIN authentication. These are “well-known” endpoints (imap.mail.me.com, smtp.mail.me.com, contacts.icloud.com, calddav.icloud.com). Of course if you can make it work by other means / if you can do without, that works too.
Yes, they have, much as it pains me to concur, succeeded in their shameful little coup to extract further revenue from the already very likely premium-storage purchaser of Apple hardware. And ditto re my move to iCloud backup at no extra cost, except that I’m already paying for 50 GB storage, now close to empty thanks to the backups next to my iCloud Mail, some iCloud Drive content, and EPub/PDF books, so that while I do appreciate iCloud Plus, it’s more that I don’t have to pay extra for this change, just to pay what I’m already paying. I am distinctly displeased by it, though–an iCloud backup may be more convenient, but it doesn’t back up “sync data”, so you still need to be tethered if you actually want to restore your device as is, particularly for stuff you just can’t get from the cloud (non-Apple audiobooks, lossless music, etc). But I think I’ve already grumbled enough about that, so …
Yes, that’s my take; the choice is simply one of the mechanism used. Using Messages in iCloud would seem to be the more flexible option, since you can choose not to use Backup at all if you want, and because it makes syncing much easier if you add a new device.
I attempted to enable Advanced Data Protection on my iPhone but received a message that my iPad first had to be updated to iPadOS16.2. Apple seems to think it is on 15.xx (I can’t remember). But the iPad is definitely at 16.2. I tried turning off the iPad and the iPhone but nothing changed. Similarly, if I try to turn on ADP on my wife’s iPhone, she gets a message that our iMac needs to be updated. But it is updated to 13.1. I don’t see that message on my phone. FWIW, we share contacts and calendars on our devices so are each logged into iCloud on our respective devices. Any suggestions on what is going on and how to resolve the issue?
I pushed all my very old Macs (those that cannot be updated to a sufficiently new macOS – as well as my really old iPhones/iPads) off my iCloud so I could finally test ADP.
But now it looks like since my wife and I are in Family Sharing I also need to get her to do the same for her devices. No ADP for me until all her stuff is also up to the latest and greatest.
She won’t mind pushing her old 2010 13" MB or an old iPhone 4 out of iCloud, but she’s not going to be thrilled about being “forced” to upgrade to 13.1 right now on her main MacBook. Not that she minds 13.1 (and due to security concerns she would do so eventually anyway), but like me she’s not really interested in any of the “new stuff” so to her such an upgrade is just a waste of time that at best interferes with her work, and at worst means follow-on trouble that then has to be sorted out. Some of Apple’s latest software QA/QC snafus have certainly left a mark. I will have to tread lightly and be prepared to offer up a dinner invitation.
Ok, so much for me right now, then. Family plan with my wife and my two adult kids, and who knows what their Macs and iPhones are running these days? (One of them has a 12” MacBook, though I think it’s the one that supports Ventura. So, someday, maybe.) I’m pretty sure my wife is still on 15.7.1 on her iPad Mini. I’ll have to check at some point.
So … I’m thinking about starting a family. (Being still single and just yesterday turned 40, there are obstacles, but nothing insurmountable, I hope.) My mother needs more than the 5 GB of storage for free, and my iCloud backups have just pushed me into the storage red. I need more iCloud storage. My options are to stridently object to Apple’s forced backups to iCloud, which is my short-term temporary fix, or to upgrade to the 200 GB plan, help mum cancel her own 50 GB storage, then start a family in order to share. It’s all about the pennies, you understand. No doubt the switch to iCloud is now absolutely inevitable, but as things stand I’m back to entering my passcode every time I want to start a backup. Obviously, I am a wee bit annoyed. As now discussed, though, the bigger problem is going to be getting ADP enabled. Fortunately I will be able to help mum do her upgrades, and she’s quite able to adapt to subtle changes after the initial bump, so that should also be a temporary roadblock. Or maybe I should just swallow my pride and start throwing money at Apple, given the amounts being saved. Reducing my usage isn’t much of an option at present, sadly.
What happens if you have iCloud Family members with a device not on the latest OS, when trying to enable ADP?
Does it actually check every device they’re logged into for compatibility before allowing it, or just lock them out of said device entirely somehow until they upgrade it to the latest OS?
It would be good to know the methodology beforehand, in case we hit against it.
So you can turn it on for yourself, but they won’t be able to enable it at all on any of their devices. Is that right?
EDIT: …or not?
When you attempt to turn it on you will get a notice that all non-compliant devices must abandon iCloud first.
“abandon iCloud” - what does that mean?
Devices without ADP capability will no longer be able to use an iCloud account that has been fully encrypted by an ADP device and must disable iCloud access on that device.
Really all you need to do is go into Apple ID settings on any device with 16.2 or 13.1 and remove any devices that don’t have those versions from your list of devices. Tap (or click) and there is an option to remove the device from iCloud.
It has no effect. I know that my wife’s phone is still on 16.1.2 and iPad is on 15.7.X. I just turned on ADP for my account.
I’m not quite sure what Simon was seeing above, because it worked for me. I also have my kids on family sharing and I have no idea what their versions their devices are on. As long as I don’t have an account on their Macs that is logged in to iCloud, I was able to turn on ADP.
One word of caution: I read about somebody who decided to add a recovery key before turning on ADP. I already had done this, over a year ago (well, actually it was exactly a year ago, based on the date in my 1Password record). The person I read about on Reddit was required to wait three months after setting the new key before they can turn on ADP. I don’t know if you’re prompted to set a new recovery key (or select a recovery contact) as part of setting up ADP, since I already had one, but you may end up with a waiting period if you don’t have one already.
(Quoting what Simon said above - I didn’t have this issue at all.)
I’d sure like to know what kind of magic sauce you have to make that work, @ddmiller.
My wife has in the meantime updated her iPhone to 16.2, but that still leaves her MBA on Monterey. And sure enough, as long as that remains there apparently there’s no ADP for me. See below.
Do you have an account on her MBA? Or is it listed as one of ‘your’ devices in your Apple support account even if she is the only one with an account on the actual Mac?
Excellent catch! Indeed, her MBA is listed under my support account.
I don’t really understand why though. Sure, she purchased it using my Apple Store account, but once it arrived she set it up herself and I’ve never had any account or anything of my own whatsoever on there. For the initial purchase she used my Apple Store account the same way to buy her iPhone and that’s not listed under my support account either. No idea why the inconsistency. But regardless, why would it matter who originally ordered the item vs. who actually owns it (per Setup Assistant or FindMy or whatever that’s called)?
But the better question perhaps then is, how do I get her MBA off my support account and onto hers?
Settings / Apple ID (on another device). Scroll down to the computer on the listing of devices, click or tap it, and click remove.
If her Apple ID is logged in it should be on her listing as well.
ADP is causing problems with the latest Homepod update:
Join the discussion in the TidBITS Discourse forum