Does Drafts (or will Drafts) support iCloud advanced data protection? On the Apple web site it says…
“Third-party app data stored in iCloud is always encrypted in transit and on server. When you turn on Advanced Data Protection, third-party app data stored in iCloud Backup and CloudKit encrypted fields and assets are end-to-end encrypted.”
Advanced Data Protection in not really an app-level feature. It’s system-level. There’s nothing an app needs to do to support it.
If you enable it, any app’s data stored locally on your device will be encrypted when backed up to iCloud.
Drafts does not support CloudKit encryption, which is something totally separate from Advanced Data Protection, but possibly what you are really asking about. Your Drafts data is synced through CloudKit (if sync is enabled) and CloudKit transfers and stores data in an encrypted state, but Apple does have those encryption keys.
More detailed information is available in Apple’s Platform Security guide.
Isn’t Advanced Data Protection essentially the same thing as CloudKit encryption with the later having keys only stored on the user’s device? And when you say that it’s a system-level feature I understand that, but doesn’t the developer have to mark fields in cloudkit as encrypted?
“Advanced Data Protection also automatically protects CloudKit fields that third-party developers choose to mark as encrypted, and all CloudKit assets.” - source
I think the confusion for me is that some of the terms are ambiguous. Speaking way beyond my depth here… 
ADP secures the content of an App using CloudKit Sync only if the code is updated to mark fields as encrypted.
I am not sure how much work this is but some of the other apps have done this (like Agenda and Note Plan). It would be great to have this done for Drafts as well because using a non end to end (E2E) encrypted app for creating (source) content that will end up in an E2E app (like Day One, Agenda, Note Plan, or Omni Focus, all of which are E2E encrypted) defeats the point of having E2E encryption in the destination.
Completely agree with this. Lack of proper E2EE is really holding me back from using Drafts as I’d like to, and if it can be achieved relatively simply via ADP that sounds like a huge win.
Is there any reason the CloudKit encryption wouldn’t be enabled/toggle-able? From an end user perspective, transparently offering E2E encryption seems like a no disadvantage situation 
It would be a rather involved technical challenge to provide an encryption toggle. Just allowing a user to turn it on and off does not take care of the fact that all their history of data would need to be either encrypted or decrypted when such an option was changed. To date, there hasn’t been much demand to offer such an option.
Commenting here as a way to say that I would also enjoy having E2E encryption on Drafts
It’s interesting there seems to have been little demand. But as Drafterator says above, Drafts’ function as a place to create text that goes elsewhere is really undermined for the increasing number of apps that do provide it.
And for at least some jobs it’s a non-negotiable. I’m a lawyer (I can’t be the only lawyer on here) and the lack of E2EE prevents me from using Drafts at all for work purposes (I use Obsidian instead, but it’s hardly a complete replacement).
As a Pro user for some years now, the lack of E2EE really holds back my use.
I’m obviously not a coder, but is there any downside to just marking the fields as encrypted? Would it affect functionality? For those who haven’t enabled Advanced Data Protection they can recover their key, and it’s not like end users (who aren’t developers) can directly poke around in their CloudKit storage.