7 Replies Latest reply: May 22, 2012 4:02 PM by lesposen
Levahim Level 1 (0 points)

How does iCloud encrypt my stored data? Does it use my own private key? Can anybody who has access to the iCloud storage and the software decrypt my data? Thanks, Lev.

  • Winston Churchill Level 10 (95,561 points)

    Welcome to the Apple community.


    Your data does not need encrypting, it is protected by the password on your account.

  • Levahim Level 1 (0 points)

    Thank you, Mr. Churchill. I understand about the password, which protects my data from unauthorized access from the Internet. But my question is slightly different: how is my data protected against an evil someone getting access to it from within the iCloud, from within Apple?

  • Winston Churchill Level 10 (95,561 points)

    I don't believe there is any further encryption other than the password protection we have already discussed.

  • lesposen Level 1 (45 points)

    From the Apple support document online:


    Encrypting content that is stored in iCloud
    Apple encrypts data that is stored to deliver the iCloud service. Encrypted data includes:

    • Photos in your Photo Stream
    • Documents in the Cloud
    • Backup data for your iOS device
    • Contacts
    • Calendars
    • Bookmarks
    • Reminders
    • Location data for Find My iPhone, iPad, iPod touch, and Mac
    • Location data for Find My Friends


    Use of Secure Tokens for Authentication
    When you access iCloud services using Apple’s built-in apps (for example, Mail, Contacts, and Calendar on iOS 5, and Mail, Address Book, and iCal on OS X Lion), authentication is done using a secure token. Using a secure token eliminates the need to store your iCloud password on devices and computers.

    See for more: http://support.apple.com/kb/HT4865

  • Gandalf99 Level 1 (0 points)

    I agree wholeheartedly with your concern, though mine is not primarily for evil people at Apple but for Apple being too willing to comply with a government request for info as was done by the Bush administration with cell phone companies after 9/11. The security mentioned by lesposen and churchill is nice but as long as the host of the data also has access it's not really secure or private. I also don't like what large companies do with my surfing habits, download choices, etc. I know there is a common belief that if you don't do anything wrong you have nothing to worry about, but that is really naive, in my opinion. As one small example, look at the number of people whose lives were ruined during the McCarthy era for doing absolutely nothing wrong.  I will probably sign up for the service anyway knowing that I can't rely on the privacy of it and acting accordingly.

  • Levahim Level 1 (0 points)

    Thank you, lesposen, for the link. This article says that the data is encrypted when stored in iCloud, however, it does not describe how exactly it is encrypted and who has access to the key for its decryption. Without that information, stating that the data is encrypted when stored is in fact rather meaningless.

  • lesposen Level 1 (45 points)

    I suspect we will learn more about iCloud and privacy isssues in two weeks at WWDC where the money is betting Apple will give time over to its cloud capabilties and integration with various existing and perhaps new apps. I suspect if it does security will be one of the issues discussed, given general community concern as well as the move to eHealth and iPad usage there in medical/hospital settings. HIPAA and other US laws will be a driving force behind all cloud based initiatives boosting security.


    Les Posen

    Melbourne Australia