Apple Platform Security
Security of iCloud Backup
iCloud backs up information—including device settings, app data, photos, and videos in the Camera Roll, and conversations in the Messages app—daily over Wi-Fi. iCloud Backup occurs only when the device is locked, connected to a power source, and has Wi-Fi access to the internet. Mindful of the storage encryption used in iOS and iPadOS, iCloud Backup is designed to keep data secure while allowing incremental, unattended backup and restoration to occur. By default, the iCloud Backup service key is securely backed up to iCloud Hardware Security Modules in Apple data centers, and is part of the available-after-authentication data category. For users who turn on Advanced Data Protection for iCloud, the iCloud Backup service key is protected with end-to-end encryption, and available only to users on their trusted devices.
When files are created in Data Protection classes that aren’t accessible when the device is locked, their per-file keys are encrypted using the class keys from the iCloud Backup keybag, and the files are backed up to iCloud in their original, encrypted state. All files are encrypted during transport and, when stored, encrypted using account-based keys, as described in CloudKit encryption.
The iCloud Backup keybag contains asymmetric (Curve25519) keys for Data Protection classes that aren’t accessible when the device is locked. The backup set is stored in the user’s iCloud account and consists of a copy of the user’s files and the iCloud Backup keybag. The iCloud Backup keybag is protected by a random key, which is also stored with the backup set. The user’s iCloud password isn’t used for encryption, so changing the iCloud password won’t invalidate existing backups.
On restore, the backed-up files, iCloud Backup keybag, and the key for the keybag are retrieved from the user’s iCloud account. The iCloud Backup keybag is decrypted using its key, then the per-file keys in the keybag are used to decrypt the files in the backup set, which are written as new files to the file system, thus reencrypting them according to their Data Protection class.
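The backup and restore flow described above, modelled as an added example (this is not Apple's code): a toy SHA-256 counter-mode keystream with an HMAC-SHA256 tag stands in for both the file cipher and the Curve25519 wrap of per-file keys, and the class labels, file names and dictionary layout of the backup set are assumptions made for the model. It shows the key hierarchy (per-file key under class key, class keys in a keybag under a random key stored with the backup set) and that restore never involves the iCloud password.

```python
import hashlib
import hmac
import os

# Toy authenticated cipher: SHA-256 in counter mode as keystream plus an HMAC-SHA256 tag.
# It stands in for AES (file encryption) and for the Curve25519 wrap of per-file keys;
# this is a model of the key hierarchy, not Apple's implementation.
def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]

def seal(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("keybag or file failed authentication")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

def make_backup(files: dict) -> dict:
    """files maps name -> (Data Protection class, plaintext). Returns the backup set."""
    class_keys = {cls: os.urandom(32) for cls in ("A", "B")}  # contents of the backup keybag (assumed labels)
    keybag_key = os.urandom(32)  # random key stored with the backup set; not derived from the iCloud password
    encrypted = {}
    for name, (cls, data) in files.items():
        file_key = os.urandom(32)  # per-file key, as used by Data Protection
        # Wrap the per-file key under its class key; ship the file in its encrypted state.
        encrypted[name] = (cls, seal(class_keys[cls], file_key), seal(file_key, data))
    keybag_plain = b"".join(cls.encode() + key for cls, key in sorted(class_keys.items()))
    return {"files": encrypted, "keybag": seal(keybag_key, keybag_plain), "keybag_key": keybag_key}

def restore(backup_set: dict) -> dict:
    """Decrypt the keybag with its key, unwrap each per-file key, then decrypt each file."""
    raw = unseal(backup_set["keybag_key"], backup_set["keybag"])
    class_keys = {raw[i:i + 1].decode(): raw[i + 1:i + 33] for i in range(0, len(raw), 33)}
    restored = {}
    for name, (cls, wrapped_key, ciphertext) in backup_set["files"].items():
        file_key = unseal(class_keys[cls], wrapped_key)
        restored[name] = (cls, unseal(file_key, ciphertext))
    return restored  # the device then re-encrypts each file under its own class keys on write
```

A corrupted keybag (or file) is rejected by the HMAC check before any plaintext is produced, which is the property a real backup format needs so that a damaged or altered backup set cannot silently restore wrong data.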
The following content is backed up using iCloud Backup:
• Records for purchased music, movies, TV shows, apps, and books. A user’s iCloud Backup includes information about purchased content present on the user’s device, but not the purchased content itself. When the user restores from an iCloud Backup, their purchased content is automatically downloaded from the iTunes Store, the App Store, the Apple TV app, or Apple Books. Some types of content aren’t downloaded automatically in all countries or regions, and previous purchases may be unavailable if they have been refunded or are no longer available in their respective store. Full purchase history is associated with a user’s Apple ID.
• Photos and videos on a user’s devices. Note that if a user turns on iCloud Photos in iOS 8.1, iPadOS 13.1, or OS X 10.10.3, or later, their photos and videos are already stored in iCloud, so they aren’t included in the user’s iCloud Backup.
• Contacts, calendar events, reminders, and notes
• Device settings
• App data
• Home Screen and app organization
• HomeKit configuration
• Medical ID data