As part of the new system, developers building software for Apple’s devices will be able to opt for users’ information to have no encryption, single-key encryption, or multi-key encryption “with per-file keys for file data and a separate key for sensitive metadata” – comparable to leaving a door unlocked, using one key, or using two keys.
In its documentation of APFS, Apple explains that full disk encryption has been available on OS X since version 10.7 Lion. APFS differs in that it encrypts files individually rather than as a one unit, similar to other encryption mechanisms Apple introduced to its iOS platform in 2010. It also encrypts related metadata – the basic summary attached to each file – and will keen data secure even when the device has been physically hacked.
Since its battle with the FBI, Apple has made a number of important changes to increase security and tighten encryption. Apple itself couldn’t decrypt information the agency demanded, but the company did have the keys to access information stored in the shooter’s iCloud account. The company is now reportedly considering a system that wouldn’t allow it to access iCloud data.