iCloud: iCloud security and privacy overview

Summary

iCloud stores your content and wirelessly pushes it to your devices. iCloud is integrated with your apps so everything happens automatically.

This article explains what iCloud does to keep your personal information and data secure and private. In addition to this article, you should also review Apple’s Privacy Policy which covers iCloud.

Products Affected

iCloud

iCloud Security

iCloud secures your content by encrypting it when sent over the Internet, storing it in an encrypted format, and using secure tokens for authentication.

Encrypting content that is sent over the Internet
The following content is encrypted using SSL (Secure Sockets Layer) when sent over the Internet to or from iCloud:

  • Photos in your Photo Stream
  • Documents in the Cloud
  • Backup data for your iOS device
  • Mail
  • Contacts
  • Calendars
  • Bookmarks
  • Reminders
  • Notes
  • Location requests and data for Find My iPhone, iPad, iPod touch, and Mac
  • Location requests and data for Find My Friends
  • Music in iTunes Match
  • Data accessed using Back to My Mac
  • Content accessed using the web applications at icloud.com

Encrypting content that is stored in iCloud
Apple encrypts data that is stored to deliver the iCloud service. Encrypted data includes:

  • Photos in your Photo Stream
  • Documents in the Cloud
  • Backup data for your iOS device
  • Contacts
  • Calendars
  • Bookmarks
  • Reminders
  • Location data for Find My iPhone, iPad, iPod touch, and Mac
  • Location data for Find My Friends

Use of Secure Tokens for Authentication
When you access iCloud services using Apple’s built-in apps (for example, Mail, Contacts, and Calendar on iOS 5, and Mail, Address Book, and iCal on OS X Lion), authentication is done using a secure token. Using a secure token eliminates the need to store your iCloud password on devices and computers. 

In addition, when creating a new Apple ID to use with iCloud, the password must have at least 8 characters, a number, an uppercase letter, and a lowercase letter. Learn more about creating a secure password here.

 

iCloud Privacy

iCloud protects your privacy in the ways outlined below.

Find My iPhone, iPad, iPod touch, and Mac

    • You must turn on Find My iPhone, iPad, and iPod touch in iOS Settings before your device can be located. 
    • You must turn on Find My Mac in OS X Lion System Preferences before your Mac can be located.
    • In iOS 5 Settings > Location Services, there is a Find My iPhone setting that allows you to see the Location Services icon in the status bar when your iOS 5 device is being located.
    • Your location is sent from your device when you request to see its location. It is not transmitted on a regular interval.
    • Last known location data is only stored for 24 hrs in an encrypted format on Apple's servers and then deleted. 
    • Remote lock lets you lock a device's screen and help prevent access to its data.
    • Remote wipe lets you securely erase your data from a device.
    • You are automatically signed out of the Find My iPhone app on an iOS device or on the web after 15 minutes of inactivity.

Find My Friends

    • To use Find My Friends, you must first download the optional and free Find My Friends app from the App Store.
    • In order for someone to see your location, you must first give that person permission.
    • Your location is sent from your device when someone requests to see your location. It is not transmitted on a regular interval.
    • There is a switch that can be turned on so you can hide from all of your friends at any time.
    • There is an option to invite friends to share their location for only a temporary period of time.
    • Last known location data is only stored for two hours in an encrypted format on Apple's servers and then deleted. 
    • If you do not have a passcode lock set on your device, you will be automatically signed out of Find My Friends after 15 minutes of inactivity.

Photo Stream

    • You can reset your Photo Stream at icloud.com. This removes your photos from iCloud but keeps photos already on the device. For more information, see Photo Stream Help.
    • Photo Stream photos can be removed from your device by turning Photo Stream off in iOS settings or in OS X Lion System Preferences. You can also delete any photos imported into your iPhoto or Aperture library on a Mac, or in the folder they're imported to on a PC.
Not helpful Somewhat helpful Helpful Very helpful Solved my problem