iCloud: iCloud security and privacy overview

Summary

Apple takes data security and the privacy of your personal information very seriously. iCloud is built with industry-standard security practices and employs strict policies to protect your data.

Products Affected

iCloud

This article explains how iCloud keeps your personal information and data secure. In addition to this article, you should also review Apple’s Privacy Policy, which covers iCloud.

Data Security

iCloud secures your data by encrypting it when it is sent over the Internet, storing it in an encrypted format when kept on server (review the table below for detail), and using secure tokens for authentication. This means that your data is protected from unauthorized access both while it is being transmitted to your devices and when it is stored in the cloud. iCloud uses a minimum of 128-bit AES encryption – the same level of security employed by major financial institutions – and never provides encryption keys to any third parties.

Security and iCloud Features

The table below summarizes how your data is secured when using various iCloud features:

| Feature | Encrypted in transit | Encrypted on server | Notes |
|---|---|---|---|
| Calendars | Yes | Yes | A minimum of 128-bit AES encryption |
| Contacts | Yes | Yes | |
| Bookmarks | Yes | Yes | |
| Reminders | Yes | Yes | |
| Photo Stream | Yes | Yes | |
| Documents in the Cloud | Yes | Yes | |
| Backup | Yes | Yes | |
| Find My iPhone | Yes | Yes | |
| Find My Friends | Yes | Yes | |
| iCloud.com | Yes | N/A | All sessions at iCloud.com are encrypted with SSL. Any data accessed via iCloud.com is encrypted on server as indicated in this table. |
| Back to My Mac | Yes | N/A | Back to My Mac does not store data on iCloud. Data retrieved from other computers is encrypted with SSL while in transit. |
| iTunes in the Cloud | Yes | N/A | Purchased or matched music files are not encrypted on server because they do not contain any personal information. |
| Mail and Notes | Yes | No | All traffic between your devices and iCloud Mail and Notes is encrypted with SSL. Consistent with standard industry practice, iCloud does not encrypt data stored on IMAP mail servers. All Apple email clients support optional S/MIME encryption. |

Use of Secure Tokens for Authentication

When you access iCloud services using Apple’s built-in apps (for example, Mail, Contacts, and Calendar apps on iOS or OS X), authentication is handled using a secure token. Using secure tokens eliminates the need to store your iCloud password on devices and computers. Even if you choose to use a third-party application to access your iCloud data, your username and password are sent over an encrypted SSL connection.

Strong Passwords

When creating an Apple ID to use with iCloud, your password must have a minimum of 8 characters, a number, an uppercase letter, and a lowercase letter. Using a strong password is the most important thing you can do to help keep your data secure. Learn more about creating a strong password here.

Privacy

Apple has a company-wide commitment to your privacy. Our Privacy Policy covers how we collect, use, disclose, transfer and store your information.

In addition to adhering to the Apple Privacy Policy, Apple designs iCloud features with your privacy in mind. For example:

Find My iPhone

  • You must turn on Find My iPhone, iPad, and iPod touch in iOS Settings before your device can be located. 
  • You must turn on Find My Mac in OS X System Preferences before your Mac can be located.
  • Location data is sent from your device only when you request its location -- it is not transmitted or recorded at any other time.
  • Last known device location data is stored on Apple's servers in an encrypted format for 24 hrs, and then permanently deleted. 
  • Lost Mode data is stored on the device that is in Lost Mode and retrieved on-demand by you only.
  • You are automatically signed out of the Find My iPhone app (on device or on the web) after 15 minutes of inactivity.
  • Remote Lock allows you to lock a device's screen to prevent others from accessing your data.
  • Remote Wipe lets you permanently and securely erase your data from a device.

Learn more about Find My iPhone.

Find My Friends

  • To use Find My Friends, you must first download the optional and free Find My Friends app from the App Store.
  • For someone to see your location, you must first give that person explicit permission.
  • Your location is sent from your device only when a friend requests to see your location -- it is not transmitted or recorded at any other time.
  • There is a single switch you can use to hide from all of your friends at any time.
  • Last known location data is stored on Apple's servers in an encrypted format for only two hours, and then permanently deleted. 
  • If you do not have a passcode lock set on your device, you will be automatically signed out of Find My Friends after 15 minutes of inactivity.

Learn more about Find My Friends.

Photo Stream

  • You can delete unwanted photos from your Photo Stream at any time. Review this article for more information.

Learn more about Photo Stream.
