Cupertino tech giant Apple Inc. has always emphasized security and privacy as a main strength of all its products.

Apple’s iCloud storage service lets users sync a staggering amount of data between Macs, Windows PCs, iPhones, and iPads. At the time of writing this article, iCloud is being used by at least 900 million users, with 200 million of them paying for the extra storage.

iCloud can be accessed between Apple devices

This might come as a surprise to most of our readers. Not all iCloud data is stored on Apple servers. Most of the data is kept with third-party cloud providers such as Google Cloud or AWS.

As Apple relies on other companies’ servers for storing its iCloud data, these third parties will only ever see encrypted, random data without any associated metadata.

The data is protected by strong encryption keys that follow industry security standards. Apple holds these keys so that your iCloud data remains unknown to other parties. This ensures more than enough data security but there are a lot of caveats.

Not everything is as safe as it looks

A study published on securephones.io by Professor Matthew Green of Johns Hopkins University (along with graduate students Maximilian Zinkus and Tushar Jois) explains a lot of loopholes, bypasses, and data accessibility issues in iCloud. You can download the full report here.

In their report, they have identified multiple vulnerabilities in iCloud data security policies. For example, Apple’s Messages in Cloud feature is advertised as an end-to-end encrypted storage container that helps in synchronizing messages across Apple devices.

But when iCloud backup is activated for this feature, the decryption key for this storage container is uploaded to Apple’s servers, where it can be accessed by Apple or another third party.

Mail is stored unencrypted on the iCloud server. Health data is only end-to-end encrypted if two-factor authentication is enabled for iCloud.

A snippet from the study, taken from securephones.io

This doesn’t look good, does it?

A lot of these policies may be hidden in the “Terms and Conditions” when you sign up for iCloud. But not everything is written in a transparent way by Apple.

Everything changes when it comes to the law

Apple can actually decrypt your data that is stored in iCloud if requested by law enforcement agencies. In fact, a lot of services and apps that are backed up in your iCloud can be accessed by Apple as they are not end-to-end encrypted as shown in the above picture.

While there can be multiple reasons for this, Apple has always been about security and privacy. To add fuel to the problem, a new report has emerged that sheds light on this matter.

Email sent from Apple

Sci-Hub founder Alexandra Elbakyan has claimed that she has received a worrying email from Apple, revealing that law enforcement has demanded and gained access to her account data. The email indicates an FBI investigation although the precise nature of any inquiry remains unclear.

But from Apple’s email, one can clearly understand that her iCloud account has been subject to data seizure by the FBI, and that this email was sent only after the investigators had finished their work.

China dictates Apple

Recently, The New York Times published an investigation into Apple’s China data policies.

Following a Chinese cybersecurity law that came into effect in 2017, Apple started storing customer iCloud data, which contains emails, contacts, photos, and geolocation, among others, in Chinese data centers that are handled and monitored by Chinese state employees.

Also, the Chinese version of the App Store is notorious for aggressively censoring apps and other content that might provoke Chinese regulators.

Take this for example.

The iCloud encryption keys, which protect one’s iCloud data, were originally stored abroad, but eventually Apple was forced to store the keys inside China. This move potentially makes it easier for the Chinese government to access people’s Apple data.

Apple and China – the love story continues

Apple recently tweaked its user agreement to give a third party (Guizhou-Cloud Big Data – GCBD) legal ownership of Chinese customers’ iCloud data. This provides a legal shield to the Chinese government, which can access customers’ data just like that.

Technically, Apple surrendered in China

This article is not a rant against Apple.

We are just showcasing the bad side of iCloud data security policies, which are not so great when viewed from a privacy perspective.

Still, there are many positives to talk about with respect to Apple’s security.

For example, Apple’s iOS operating system is considered the most secure mobile OS. Being a closed system, Apple doesn’t release its source code to app developers, and the owners of iPhones and iPads can’t modify the code on their phones themselves.

This makes it difficult for hackers and attackers to find vulnerabilities on iOS-powered devices.

All we are saying is that there is good and bad in everything. You need to take note of both and stay secure in this digital world.
