Legacy Contact security
If a user wants their iCloud data to be accessible to designated beneficiaries after their death, they can set up Legacy Contacts on their account. A Legacy Contact beneficiary gains access to all the deceased’s iCloud data, including almost all end-to-end encrypted data, but excluding iCloud Keychain data like account passwords. The technology underlying Legacy Contact is similar to how Recovery Contact works — a strong random key that is split between Apple and the legacy contact, so that neither can decrypt any data by themselves. A beneficiary receives the same classes of data whether or not the user turned on Advanced Data Protection.
The keying information a beneficiary receives is referred to as an access key in user-facing documentation, and is saved automatically on supported devices, but can also be printed and stored offline for use. For more information, see the Apple Support article How to add a Legacy Contact for your Apple ID.
After the user’s death, Legacy Contacts sign in to the Apple claim website to initiate access. This requires a death certificate and is authorised in part with the authorisation secret mentioned in the previous section. After all the security checks are completed, Apple issues a username and password for the new account and releases the necessary keying information to the Legacy Contact.
To more easily input the access key when needed, it’s presented as an alphanumeric code with an associated QR code. After it’s entered, access to the deceased’s iCloud data is restored. This can be performed on a device or access can be established online. For more information, see the Apple Support article Request access to an Apple account as a Legacy Contact.