iCloud security overview

iCloud is built with industry-standard security technologies, employs strict policies to protect your information, and is leading the industry by adopting privacy-preserving technologies like end-to-end encryption for your data.

Data security

iCloud secures your information by encrypting it when it's in transit, storing it in iCloud in an encrypted format, and using secure tokens for authentication. For certain sensitive information, Apple uses end-to-end encryption. This means that only you can access your information, and only on devices where you’re signed in to iCloud. No one else, not even Apple, can access end-to-end encrypted information.

Here's more detail on how iCloud protects your data.

Data Encryption Notes
In transit On server
Calendars Yes Yes A minimum of 128-bit AES encryption
Contacts Yes Yes
Bookmarks Yes Yes
Notes Yes Yes
Reminders Yes Yes
Photos Yes Yes
iCloud Drive Yes Yes
Backup Yes Yes
Find My iPhone Yes Yes
Find My Friends Yes Yes
iCloud.com Yes N/A All sessions at iCloud.com are encrypted with TLS 1.2. Any data accessed via iCloud.com is encrypted on server as indicated in this table.
Back to My Mac Yes N/A Back to My Mac does not store data on iCloud. Data retrieved from other computers is encrypted with TLS 1.2 while in transit.
Mail Yes No

All traffic between your devices and iCloud Mail is encrypted with TLS 1.2. Consistent with standard industry practice, iCloud does not encrypt data stored on IMAP mail servers. All Apple email clients support optional S/MIME encryption.

 

End-to-end encrypted data

End-to-end encryption provides the highest level of data security. Your data is protected with a key derived from information unique to your device, combined with your device passcode, which only you know. No one else can access or read this data.

These features and their data are transmitted and stored in iCloud using end-to-end encryption:

  • iCloud Keychain (Includes all of your saved accounts and passwords)
  • Payment information
  • Wi-Fi network information
  • Home data
  • Siri information

To use end-to-end encryption, you must have two-factor authentication turned on for your Apple ID. To access your data on a new device, you might be required to enter the passcode for an existing or former device.

Two-factor authentication

Apple recommends that you turn on two-factor authentication for your Apple ID. With two-factor authentication, your account can only be accessed on devices you trust, like your iPhone, iPad, or Mac. So when you want to sign in with your Apple ID on a new device for the first time, you need to provide two pieces of information—your password and the six-digit verification code that's automatically displayed on your trusted devices.

Use of secure tokens for authentication

When you access iCloud services with Apple’s built-in apps (for example, Mail, Contacts, and Calendar apps on iOS or macOS), authentication is handled using a secure token. Using secure tokens eliminates the need to store your iCloud password on devices and computers.

Privacy

Apple has a company-wide commitment to your privacy. Our Privacy Policy covers how we collect, use, disclose, transfer, and store your information. And in addition to adhering to the Apple Privacy Policy, Apple designs all iCloud features with your privacy in mind.

Published Date: