As an Apple user, all your data is stored on the iCloud (except the information locally stored on your devices). Thus, iCloud security should be a primary concern for you. Unfortunately, most users remain in the dark about iCloud’s internal security. Past hacks add to that situation. So the vital question remains: can the average iCloud user be at ease about data security? Or is it possible that iCloud is a privacy liability?
This article will review every security protocol Apple uses to protect user data. We’re also going to tell you about the best security measures you can employ to increase your iCloud security.
Quick tips to strengthen the security of iCloud
Apple takes user privacy seriously, regardless of location. And the iCloud’s security features are good in general. For example, they include high-end end-to-end encryption methods.
However, you can make your iCloud even safer by adopting a few simple extra measures.
- Enable two-factor authentication.
- Enable the “Find My” services for your gadgets.
- If you are on ICloud+, turn “HideMyEmail” on.
- Sign out of any browser you’re not using.
- Manage the apps that find you using your Apple ID.
- Choose a good, strong password.
- Adopt a password manager.
What is iCloud?
iCloud is Apple’s cloud computing and storage platform serving iOS users since October 2011. As an Apple user, this is the place that stores your pictures, videos, contacts, calendars, notes, and all those things that have made Apple’s devices and software the darling of user-friendliness enthusiasts.
The tech giant offers iCloud to every Apple device user with limited free storage. (Think of it as something similar to Google Drive offered to Android users.) For instance, a user can avail up to 5GB of storage for free, whereas upgrading to iCloud+ for the premium subscription can get more storage and premium features.
Is Apple’s iCloud secure?
iCloud is a safe service indeed, in general. The encryption protocols are excellent and transparent. End-to-end encryption is the rule for all data in the cloud –storage or transit.
There are instances in which some third parties store data in their databases. Fortunately, even in those cases, the third parties must follow Apple’s stringent security standards.
The encryption starts with AES 128-bits for most of the data in the cloud. Granted, AES 128-bit is not as strong as the 256 version. However, the AES matrix is robust enough that no successful attack exists so far. So the data you keep in your iCloud (memos, reminders, pictures, contacts, calendars, backups, and everything else) is encrypted with a reliable algorithm that can’t be broken so far.
Additionally, every time you access the iCloud.com domain, your session is secured with TLS 1.2 encryption.
Apple’s commitment to privacy and data security is well known. Its PR machinery makes sure it makes the news often, and the company walks the walk on this issue. In several instances, Apple has even faced intense pressure from governmental agencies to provide shortcuts for data acquisition, but the Cupertino giant has stood firm.
You can tell how seriously Apple takes the platform’s security because of the measures it uses:
- Advanced hardware protection with T2 specialized chips.
- Every Apple device boots incrementally. That ensures that a malicious party can never take over control.
- Updates flowing frequently to quickly neutralize any new threats.
- Some information is encrypted at the device level so that even Apple can’t access that data.
- Apple enforces high-security standards for all partners and App Store developers.
So, as you can see, Apple cares about data security on iCloud. Hence, it works hard to secure everything at both the policy and technical levels. Consequently, iCloud is secured cloud storage to save your data.
Improving your iCloud security
Indeed, iCloud is pretty safe. However, that doesn’t mean you can’t make it safer or that you shouldn’t. Digital security and privacy are quickly becoming prevalent concerns. Also, do not forget that hackers, governmental agencies, ISPs, and other potential snoopers know their craft and are always looking to improve it. So you should always keep a step ahead of the rest and not settle for the standard security in any scenario, even when it’s good enough. You can make your Apple device including its smart TV and your iCloud account much safer following these steps:
- Enable HideMyEmail. Apple provides this feature to hide your email when you sign-up for third-party services. It protects your identity. You need an iCloud+ subscription to use it, though.
- Sign out of all browsers. Do not remain logged into the iCloud network in any device or browser you’re not using currently. Search for this option at the bottom of your iCloud Account Settings window on any browser.
- Manage the apps that search for you. You can do this from an Apple device or your browser. Go to your iCloud account settings. Click on “Look me up.”
- Use a safe password. Sometimes the most basic measures are the most effective. Choosing a strong password is one of those cases. Consider that all the resources that Apple is spending on keeping your data safe are useless if you insist on having “12345” as your password. Also, it’s not enough to have one strong password. Every account you own must have a different password.
- Two-factor authentication. Enable two-factor authentication for your Apple ID. Go to your Apple ID account settings. Click on “Password and Security.” The “Two-Factor Authentication” is visible there; turn it on. Yes, two-factor logins can be a bit annoying. But they improve your security significantly.
- Enable “Find My” and “Send Last Location.” “Find My” is a tracking app that can locate your Apple devices and other toys if and when you lose them. You can turn it on and the “Send Last Location” function in the Apple ID security settings. This is not an iCloud setting, strictly speaking. But since your devices can grant third-party access to your iCloud data or account, it’s better to ensure you have these features ready to use.
- Get a good password manager. Having a top-notch password manager is an excellent way to secure your Apple account. It will also help you with all the other accounts you have on the internet.
These steps are easy to adopt and will go a long way in enhancing your security within the iCloud.
However, remember that online safety is not only about technology, settings, and software. When you are online, the things you do play a central role in your security. In brief, you should never take any unnecessary risks and always use a good antivirus suite, a VPN as your most basic and prevalent security habits.
The iCloud privacy policy
Yes, nobody ever reads the terms of use or general policies of any new account or software they install. Haven’t you either? We don’t blame you, but in this case, we need to bring your attention to the iCloud privacy policy.
And why is the company’s privacy policy suddenly relevant, we hear you ask? Because privacy is not the same as security or anonymity. Security and anonymity are goals we can meet using the right technology correctly. It’s a mechanical thing. Privacy, on the other hand, is not a technical thing. It has nothing to do with algorithmics. Instead, privacy, mainly internet privacy, is all about human decisions and company policies. So if you want to know where you stand regarding privacy issues with Apple in general and with iCloud in particular, you need to read their policy.
Apple is specific about what it does with your data. They have strict rules about data processing and storage, and they make sure that any third party that works with Apple follows those same rules. So, yes, that’s in the policy. Another remarkable statement in that same policy is that Apple doesn’t care about your location. So if you are an Apple user, your data will get the same treatment regarding privacy. This is good news for every user, but even more so for those users who live in jurisdictions that do not have legislation like Europe’s GDPR. Of course, you have to take Apple’s word at face value. But that’s the case with any service anyway.
As we keep reading the policy, one issue jumps out. Apple reserves the right to refuse a deletion request, and they give many reasons for that. For example, if your domestic law requires Apple to hand over some data, it won’t delete it at once. And the policy also leaves a lot of wiggle room for Apple to refuse deletions on the murkiest terms. Remember this when you upload data to your iCloud.
Those are the points that are more important for you to know. But the whole policy is much longer and includes many other topics. Nonetheless, Apple’s overall stand on privacy is good enough, but it leaves quite a bit of room for Apple to make judgment calls. So, yes, you can trust Apple with your privacy on the surface. But don’t overdo it, or you could live to regret it.
Requesting the deletion of your Apple and iCloud data
Apple has a webpage where you can send them any privacy inquiries you could have. That’s for general things, mind you. If you want specific answers about data handling, you need to create a ticket and send it.
Let’s say that you want to have a general idea about Apple’s data on you. Here is what you do:
- Launch your browser. Log in to your Apple ID.
- Go to “Manage your account.”
- Click on “Personal information.”
- Review all the personal information that iCloud has in store about you. Edit and change it if you so wish.
If you want to delete or deactivate your account or get some more advanced information about your data, go to the “Manage Your Account” option and follow these steps:
- Within the “Manage Your Account” tab, go to “Privacy.”
- Click on “My Data.” This will take you into another domain belonging to Apple’s privacy platform.
- Log into your Apple ID again on Apple’s privacy platform.
- Once you’re here, you can do any of the following things:
- Get a copy of your data.
- Transfer a copy of your data.
- Correct your data.
- Deactivate your account temporarily.
- Delete your account.
The battle for a backdoor into Apple’s iCloud
The FBI wanted Apple to provide a back door into a suspect’s iPhone after the San Bernardino shooting in 2016. Apple refused the request.
Let’s take a moment to analyze this situation. The critical thing to realize is that hacking an individual device was not the FBI’s priority. If all FBI wanted was the information stored in that iPhone, there were plenty of kits and hackers around to do the job — not to mention that the FBI’s staff must indeed include people that can do that. The FBI wanted to have a legal precedent established in which Apple would give them free access to any iPhone upon request in the future. Apple refused, as it understood that such a precedent would turn the company into a domestic intelligence collector for the FBI. A legal battle followed.
This incident marked the beginning of a new era in Apple’s history. Suddenly, its hermetic and safe infrastructure was being thoroughly tested and the company’s resolution.
Apple won and did not create a backdoor into the iCloud. This, of course, was great news for privacy enthusiasts worldwide.
However, Apple recently announced the deployment of a system for finding and reporting child pornography and other tools that aim to protect children’s security. Nobody opposes protecting children, of course. But the new system seemed to privacy-aware people as if it would create automatic blacklists without any mechanism to appeal. So while children protection advocates hailed it with enthusiasm, privacy advocates decried it as the first step leading to a slippery slope. Dropbox already has one such system, and its results could be controversial.
This new development brought the “Apple backdoor” affair back to the surface. But the future remains fuzzy.
Apple decided to delay the implementation of the new anti-porn measures indefinitely. So it’s unclear if Apple will ever deploy it. And if it comes online, it remains to be seen how much of a precedent it can set for the future. As a privacy-aware iCloud user, you should watch for further developments on this issue.
How to remove your media files from the iCloud (videos and pictures)
The anti-child-porn update announcement made many users uneasy. They worried that Apple would start breaching user privacy and never stop by analyzing their pictures or that the system would decide that an otherwise innocent photo was problematic.
As a result, many iCloud users do not want to have any pictures or videos uploaded to the iCloud.
If, after finding these things out, you find that you don’t want to have any of your pictures and videos up there, you can do this:
- Take any Apple device and open “Settings.”
- Click on your Apple ID.
- Click on iCloud.
- Search for “Photos” in the list of files to be synced.
- Untick the box next to Photos.
Data recovery in the iCloud
One massive perk of Apple’s devices and services is that they can recover your iCloud data for you. Since the storage is encrypted end-to-end, the encrypted data can only be decrypted once it’s back on your device, so you don’t need to worry about snoopers.
So, if you want to restore some files you deleted from the iCloud, do this:
- Log in to the iCloud.
- Go to iCloud Drive.
- Look at the bottom-right corner of the screen.
- Click on “Recently Deleted.”
- Find the file you want to recover.
Restoring old files from an iCloud backup
So you bought a brand new Apple device, and you want to have everything just as it was in your previous one. You can also have your cake and eat it as long as you have an iCloud backup! Do this:
- Log into your iCloud account.
- Go to the iCloud settings.
- Look at the bottom-left corner, under “Advanced.”
- Choose the data type you want to recover and proceed.
The New iCloud+ security features
In November 2021, Apple rolled out iOS15, iPadOS 15, macOS Monterey, and iCloud+. This last thing is the paid service of the Apple iCloud storage service, which has some additional benefits aimed to enhance iCloud’s security and privacy. The new service meets this goal by providing two new features. Let’s see them.
iCloud Private Relay
The iCloud Private Relay feature came out as a beta product. But those users paying their monthly iCloud fee could still turn it on and test it.
It’s part of Safari, so you can only use it on Apple devices. The idea is to add a new security layer to your internet traffic. It reroutes your traffic through two independent nodes on the internet. One of those nodes is Apple’s, and the other belongs to a commercial partner. Because your traffic goes through two nodes, no single node has the whole picture. Thus, it complicates the life of any third party trying to make heads or tails of your activities. That third party can be the person sitting next to you at Starbucks, web advertisers, the government, your ISP; you name it.
Each step in the relay completes one task: one masks your IP address, the other one encrypts your traffic. Hiding your actual IP address is equivalent to hiding your physical location. But, on the other hand, encrypting your traffic makes it impossible for anybody else to know what you’re up to online.
This feature looks like Apple’s version of an anemic VPN service. It will be better than having nothing for the average user, but it’s nowhere near as powerful or versatile as a good VPN, and it’s costing you.
We will overlook the limitations of this option when compared to a VPN because it’s an iCloud service, so it’s probably not fair to compare them directly.
Hide My Email
This feature is not exactly new; it’s more of an expansion on a previously existing setting known as “Sign In With Apple.” This service allows Apple ID users to log into websites using their Apple ID, thus keeping their email and other personal information private.
Hide My Email is the same idea, except it can work on any website, not only in those with a “Sign In With Apple” option. With this service, you can create as many random or unique email addresses as you need and use them to open new accounts of any type you’d like.
Since email addresses remain the one bit of digital identity that every internet user must have to exist, this is a great idea. You can comply with the sign-up process on any website without giving up your primary email address. Many users will find this feature very helpful for sure.
Final thoughts
Apple is a giant in the mobile world, with millions of faithful iPhone users worldwide. And iCloud is the storage service they all use by default. So unlike Google Drive, Dropbox, Mega, or other clouds on the internet, this one has a niche market. And it’s not in direct competition with the rest of the market because it’s primarily an Apple thing.
Consequently, the robust iCloud storage is here to stay. But even with that privileged position, there are issues on iCloud’s future that remain clouded (no pun intended).
iCloud’s security is undeniable. It boasts a dedicated security infrastructure, and the end-to-end encryption protocol goes a long way in making everything secure. It’s a safe place to store photos, documents, contacts, videos, and any digital file you could fancy. Besides, the policy side of things is fantastic too, and Apple has a tremendous track record of protecting user privacy, even against its government.
So there’s nothing not to like about iCloud. The service is excellent, and it keeps expanding and improving.
Still, as shown in this guide, you can use plenty of additional options to keep your data safe against every third party.
Adopting extra security measures on iCloud adds a little friction to your user experience. That will be especially noticeable in Apple systems whose primary purpose is to be as friendly as possible to even the least savvy users. However, digital security, privacy, and anonymity are quickly becoming core values of our brave new digital world. So adopting that extra measures, putting up with a bit of excess friction, could mean great benefits in the future, so we suggest you consider them seriously.
So now you know! Go ahead and tweak a little your iCloud settings so you can do what we want all our readers to do: stay safe!
FAQs
Before we answer this question, let us remind you of an essential axiom in digital security: there are no 100% solutions. Thus, the answer is: iCloud is as safe as a digital internet data cloud. Advanced encryption, end-to-end protocols, and many other corporate security measures make this platform as safe as humanly possible. However, that is the platform, not your individual account. Your account’s safety is your responsibility to a high degree. If you pick a weak password, keep your account logged on public devices or computers, or work against your own security in any other way, it could be vulnerable.
Yes, your iCloud picture library is indeed private. It’s stored encrypted in Apple’s servers, and the end-to-end protocol guarantees that you can’t recover the unencrypted version of any file if you don’t get it on the correct device.
Yes, but only if you share the pictures with somebody else.
Point your browser to appleid.apple.com, log in and select “Devices.” See what devices have been connected to your iCloud and make sure that there are no intruders in the list.
Yes, you can. Any “normal” on your device is encrypted on the iCloud. So if you delete it, the encrypted version will also go away.