How Safe Is Your Data Stored in Apple’s iCloud?
Our friend over at Ars Technica answer reader questions, and this one seems like one many iPhone and iPad users will want answered, not to mention future OS X Mountain Lion users: How safe is my data stored in iCloud? Chris Foresman’s answer also touches more generally on the issue of storage in the cloud vs. on-premises:
The simple answer is that your data is at least as safe as it is when stored on any remote server, if not more so. All data is transferred to computers and mobile devices using secure sockets layer via WebDAV, IMAP, or HTTP. All data except e-mail and notes—more on that later—are stored and encrypted on disk on Apple’s servers. And secure authentication tokens are created on mobile devices to retrieve information without constantly transmitting a password.
iCloud stores photos in your Photo Stream, documents stored in iCloud, backups for iOS devices, @me.com e-mail, contacts, calendars, Safari bookmarks, reminders, and notes, Foresman notes. Apple says all data is stored encrypted on disk except e-mail and notes. The exception for e-mail may be due to performance reasons, including supporting features like searching messages on the server or partially downloading messages and attachments, he writes
Notes are also not encrypted on iCloud servers. The reason is that iCloud currently syncs notes using IMAP, and a result of this method is that your notes are synced on Mac OS X via Mail. However, OS X 10.8 (Mountain Lion) will include a proper Notes app when it’s launched this summer, so it’s possible that future Notes will use iCloud’s document store APIs, and these notes will be encrypted on disk like the rest of iCloud data.
For now, though, it’s technically possible for an unscrupulous Apple data center employee to rifle through your e-mail or notes. The likelihood is remote, and Apple promises in its privacy policy that it “takes precautions—including administrative, technical, and physical measures—to safeguard your personal information against loss, theft, and misuse, as well as against unauthorized access, disclosure, alteration, and destruction.” Those who routinely send and receive messages of importance to national security—or just the more paranoid among us—may want to consider a more secure alternative for e-mail and notes.
What Apple won’t talk about: The methods used to encrypt data on disk. It claims to use industry standard practices to ensure user data is stored securely. Ars makes some educated guesses.
Have a full read of Ars Technica’s low-down on how safe your data stored at iCloud is and share your thoughts: Is it it safe enough? Do you trust Apple, or any cloud storage/sync provider to keep your data safe and private?
Go Back to Top. Skip To: Start of Article.
