Syncing and security
How to make sure you only share the things you want to
Because iCloud synchronises data between devices and Apple’s servers, it’s moving lots of personal documents and data, so it’s important to protect that data from being intercepted by the wrong people.
To do that, Apple uses extensive encryption, provided you have two-factor authentication enabled (see ‘Use 2FA to protect your iCloud privacy’). Encryption encodes your data so that anyone who intercepts it finds it essentially impossible to decode, and Apple uses encryption on all your data transfers and almost all the data stored on its servers too. The only thing it doesn’t encrypt by default is your iCloud Mail, but if you want to encrypt that too you can enable S/MIME encryption in your mail apps.
Not everything is stored on Apple’s own servers: some data may be stored on third-party servers, such as Amazon Web Services or Google Cloud Platform. Those third parties don’t have access to the keys that might enable them to decrypt your data.
End-to-end encryption
In addition to the encryption protection detailed above, iCloud also uses end-to-end encryption to safeguard particularly personal data. This creates an encryption key from your device’s unique information and your device passcode, encoding the data so that only you can access it. Even Apple can’t see it.
The specific data protected by end-to-end encryption varies according to which version of iOS you have on your mobile device – some features require iOS 12 or 13 – but it includes Apple Card transactions, Health data, Maps favourites and search history, Wi-Fi passwords, W1 and H1 Bluetooth keys, your keyboard’s learned vocabulary, your Safari history and your Siri information.
Apple also uses end-to-end encryption on your Messages, and if you use iCloud Backup, your backups will include a copy of the encryption key that protects the content of your messages. That means you can still access your messages if, for whatever reason, you can’t access iCloud Keychain or your trusted devices. If you turn off iCloud Backup, a new key is generated and stored locally on your device.