Add Apple iCloud Private Cloud Storage (PCS) - Advance Data Protection (ADP) #8742
Conversation
…ata Protection (ADP)
|
Could you please review this PR? Feel free to push improvements directly if you see a cleaner approach. Open questions:
Update the iCloud Drive backend docs (Markdown only?):
|
|
@lostb1t have you got time to take a look at this? |
|
Is anyone available to review and improve the code? |
|
@samuelexferri unfortunately I know very little about iCloud. @lostb1t wrote the backend. Can you confirm the integration tests work your new code, with and without PCS? We can try to get some testers from the issue - perhaps post there and ask for testers? Or on the forum? |
|
I’ve updated the docs and done some minor cleanups. Unfortunately I wasn’t able to run full tests without ADP, since I’d prefer not to risk my main Apple account. If anyone can help with testing (with and without PCS), that would be really useful. Yes it would also be great if @lostb1t could review the changes, since he wrote most of the backend originally. |
|
Hello, ./rclone --verbose config
Current remotes:
Name Type
==== ====
e) Edit existing remote
n) New remote
d) Delete remote
r) Rename remote
c) Copy remote
s) Set configuration password
q) Quit config
e/n/d/r/c/s/q> n
Enter name for new remote.
name> iclouddrive
Option Storage.
Type of storage to configure.
Choose a number from below, or type in your own value.
...
Storage> iclouddrive
Option apple_id.
Apple ID.
Enter a value.
apple_id> ***redacted***
Option password.
Password.
Choose an alternative below.
y) Yes, type in my own password
g) Generate random password
y/g> y
Enter the password:
password:
Confirm the password:
password:
Edit advanced config?
y) Yes
n) No (default)
y/n> nThis is when my iphone asks for confirmations:
Option config_2fa.
Two-factor authentication: please enter your 2FA code
Enter a value.
config_2fa> ***redacted***
Configuration complete.
Options:
- type: iclouddrive
- apple_id: ***redacted***
- password: *** ENCRYPTED ***
- cookies: ***redacted***
- trust_token: ***redacted***
Keep this "iclouddrive" remote?
y) Yes this is OK (default)
e) Edit this remote
d) Delete this remote
y/e/d> yBut this is where it shows the 2fa code again on my iphone:
And obviously, there's no field where I need to fill it in... Current remotes:
Name Type
==== ====
iclouddrive iclouddrive
e) Edit existing remote
n) New remote
d) Delete remote
r) Rename remote
c) Copy remote
s) Set configuration password
q) Quit config
e/n/d/r/c/s/q> qand then I try to read the root using ./rclone --verbose lsd iclouddrive:/
2025/09/07 09:17:05 INFO : icloud: [PCS] Advanced Data Protection is active. Attempting to obtain consent from your trusted device.
2025/09/07 09:17:05 INFO : icloud: [PCS] A request has been sent to your trusted Apple device(s). Please approve the request for web access to proceed.
2025/09/07 09:17:12 INFO : icloud: [PCS] Still waiting for approval on your trusted device...
2025/09/07 09:17:17 INFO : icloud: [PCS] Still waiting for approval on your trusted device...
2025/09/07 09:17:22 INFO : icloud: [PCS] Approval received from trusted device.
2025/09/07 09:22:22 CRITICAL: Failed to create file system for "iclouddrive:/": icloud: ADP/PCS consent for iCloud Drive failed: timed out while waiting to obtain service cookies for iclouddrive
|
|
Hi, I have the exact same issues as @bushvin |
Add Apple iCloud Private Cloud Storage (PCS) - Advance Data Protection (ADP)
What is the purpose of this change?
This PR makes rclone’s iCloud Drive backend work when Advanced Data Protection (ADP) is enabled on an Apple ID.
Was the change discussed in an issue or in the forum before?
ADP has been a frequent ask from users because iCloud Drive fails once ADP is turned on. This PR ports the working approach used in the Python
pyicloudproject (ADP PR) into rclone’s Go backend.Checklist