If you thought that using Apple’s iCloud service kept your data off Google’s servers, you might be surprised to learn that Apple has recently confirmed that Google Cloud hosts iCloud data. The confirmation, made through Apple’s regularly updated iOS Security Guide, states that iCloud stores users’ data on third-party storage services, such as S3 and Google Cloud Platform.
From the document:
“Each file is broken into chunks and encrypted by iCloud using AES-128 and a key derived from each chunk’s contents that utilizes SHA-256. The keys and the file’s metadata are stored by Apple in the user’s iCloud account. The encrypted chunks of the file are stored, without any user-identifying information, using third-party storage services, such as S3 and Google Cloud Platform.”
A Move Away from Azure, AWS
Previous editions of the guide indicated that user data was regularly encrypted and stored on third-party services, but the ones specifically mentioned were AWS and Microsoft Azure. Azure is not mentioned in the latest version of the guide.
In 2016, some media outlets reported that Apple was expanding its relationship with Google over AWS. Until now, there had been no direct public confirmation of this from Apple. Estimates from one source at the time put Apple’s Google Cloud spending at between $400 million and $600 million annually.
What Type of Data is Stored in Third-Party Cloud Platforms?
Apple states that the only data stored on these services is data that has already been encrypted, with no identifying information available to the cloud provider. The encryption keys that allow that data to be decrypted and accessed are kept by Apple, and only encrypted segments of stored files are kept on third-party servers.
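The chunk-level scheme the guide describes, as an added Go example that is not Apple’s code: each chunk’s key is derived from its own contents with SHA-256, the key material stays on the account side, and the storage provider receives only ciphertext under opaque ids. The chunk size, AES-GCM as the mode, the key/nonce split of the digest and the id derivation are assumptions, since the guide names only AES-128 and SHA-256; a fixed nonce is safe here only because each content-derived key encrypts exactly one plaintext.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/sha256"
	"fmt"
)

const chunkSize = 8 // assumed; the guide does not state Apple's chunk size
// Secret is what stays in the user's account with Apple: SHA-256 of the chunk.
type Secret [32]byte

// aeadFor maps a secret to AES-128-GCM (bytes 0..15 key, 16..27 nonce). GCM
// and this split are assumptions; the guide names only AES-128 and SHA-256.
func aeadFor(s Secret) (cipher.AEAD, []byte) {
	block, _ := aes.NewCipher(s[:16]) // 16-byte key: cannot fail
	gcm, _ := cipher.NewGCM(block)     // AES block size: cannot fail
	return gcm, s[16:28]
}

// Upload chunks the file and stores each chunk's ciphertext with the provider
// under a one-way id (assumed: SHA-256 of the secret); secrets stay with the account.
func Upload(data []byte, provider map[[32]byte][]byte) []Secret {
	var secrets []Secret
	for off := 0; off < len(data); off += chunkSize {
		end := off + chunkSize
		if end > len(data) {
			end = len(data)
		}
		s := Secret(sha256.Sum256(data[off:end]))
		gcm, nonce := aeadFor(s)
		provider[sha256.Sum256(s[:])] = gcm.Seal(nil, nonce, data[off:end], nil)
		secrets = append(secrets, s)
	}
	return secrets
}

// Download needs both halves: the provider's blobs and the account's secrets.
func Download(secrets []Secret, provider map[[32]byte][]byte) ([]byte, error) {
	var out []byte
	for i, s := range secrets {
		gcm, nonce := aeadFor(s)
		pt, err := gcm.Open(nil, nonce, provider[sha256.Sum256(s[:])], nil)
		if err != nil {
			return nil, fmt.Errorf("chunk %d: %w", i, err)
		}
		out = append(out, pt...)
	}
	return out, nil
}
```

Identical chunks produce identical blobs, which permits deduplication but also lets the provider see that two uploads share a chunk, a known trade-off of content-derived keys.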
This particular practice has had some international ramifications. For example, China has laws that insist that cloud data owned by Chinese citizens be maintained by and stored in Chinese data centers. Until recently, Apple kept the keys in the United States, but the encrypted data in China.
Now, Apple will store the encryption keys in China, as well. This allows Chinese law enforcement agencies to petition local Chinese courts for access to that information rather than having to go through the United States legal system.
Apple’s decision to use third-party services to store user data is not a new concept. Storing massive amounts of data requires a great deal of infrastructure, including regional data centers. Rather than building out this massive infrastructure itself, Apple is using networks that already exist and have a proven track record.
There are only a handful of public cloud providers that have the type of infrastructure Apple requires. Amazon, Microsoft, and Google are three of the largest.