If you own an iPhone, there’s a good chance you also use iCloud, Apple’s cloud storage and computing service for iOS devices.
iCloud exists in fame and notoriety. The technology has at least 782 million users, making it the most popular cloud storage service in America. Yet, iCloud also occasionally makes headlines for unnerving security breaches.
There was the 2014 “Celeb-gate” scandal, when hundreds of celebrities’ personal photos were leaked to the public. Headlines broke again in 2016, when Pippa Middleton, younger sister of the Duchess of Cambridge, had her private photos end up for sale online. Just this past February, supermodel Emily Ratajkowski’s private photos were leaked and a phone phishing scam began to circulate.
Clutch conducted a survey of 1,001 iPhone users to determine opinions and behaviors regarding iCloud security. We then spoke with experts on the data to provide analysis. Using the data and experts’ commentary, we hope to shed light on the state of iCloud’s security, and what exactly users should fear, if anything at all.
- Over three-quarters of respondents ranked their iPhone as “very” or “somewhat” secure.
- Yet, almost half of respondents are only “slightly” or “not at all” confident with storing personal information on iCloud.
- 66% of respondents know with certainty if any iCloud features are enabled on their iPhone.
- At the same time, 15% of respondents do not know what data they are automatically backing up onto iCloud, which may be cause for concern.
Besides presenting our findings, this article answers four questions to help you determine how to keep information stored on iCloud safe.
- How secure is my iPhone?
- What are iCloud’s security features?
- Is iCloud safe?
- What can I do to secure my iCloud?
Majority of iPhone Users Have Faith in Device’s Security
When it comes to the security of the iPhone itself, users seem to have a considerable amount of trust. Seventy-six percent (76%) of iPhone users ranked the device as “very” or “somewhat” secure.
Only 10% ranked their iPhone as only “slightly” or “not at all” secure.
How secure is my iPhone?
The iPhone is a secure device by many measures.
In 2014, Apple introduced an update in which all the important data on your iPhone, from photos, to contacts, to call history, is automatically encrypted. It features a variety of additional security features that can be enabled, from the power to wipe data remotely via the Find My iPhone application, to the ability to choose passwords longer than the default, four-number option.
Matthew Bookspan, CEO of Blacktip IT Services, spoke highly about the security of Apple’s iOS platform: “Compared to the other major platforms out there for mobility, the Apple iOS platform is incredibly secure.”
He elaborated on specific security features: “The data is encrypted completely on the device. You have an encrypted fingerprint reader, which is local to the device. ... All the data that’s on the device is on the device. Even though you can sync data to the cloud, the core of the data is still stored on the device.”
In many people’s minds, the encryption and fingerprint reader, among other features, make the iPhone a secure device.
Of course, one can find a way around any security feature. Given the existence of mass biometric databases, both criminals and higher officials can find means of duplicating fingerprints using a variety of creative methods. This isn’t to say that every iPhone user should be concerned about crooks running around with fake molds of your fingerprints, but it’s an important reminder that even some of the most high-tech security features can be compromised.
iPhone Users Less Confident in iCloud’s Security
iPhone users have less faith in iCloud’s security than in the device itself.
Forty-seven percent (47%) of respondents are only “slightly” or “not at all” comfortable with storing personal information on iCloud. This hesitation may be a result of their limited knowledge of iCloud.
Knowledge is Key for Greater Confidence in iCloud’s Security
Having a general understanding of iCloud’s function discourages users’ fear about storing personal information on iCloud.
However, more than one-quarter (28%) of respondents to our survey did not know iCloud’s function.
When we compare data about users' familiarity with iCloud’s function and users’ comfort level storing personal information on iCloud, there is a clear trend: more knowledge of iCloud’s function means greater comfort using the platform. Users unaware of iCloud's function displayed lower levels of comfort with storing personal information on iCloud, and also responded to the question regarding comfort with "I don't know" at a higher rate.
The correlation between knowledge of how iCloud works and willingness to store personal information there shows that knowledge discourages fear. “I think our society is deeply uninformed. From a technology standpoint, it is just a systemic issue that people are ill-informed,” said Bookspan.
Aaron Mangal, Host of “The Cloud” podcast at Network Remedy, agrees that a basic understanding of iCloud is advantageous for a user. However, he said, “users don't need to go too deep into it, unless they plan to become career technicians.”
Instead, a working knowledge of the basics of iCloud’s function – and possibly its security capabilities – will help you feel more comfortable.
What are iCloud’s security features?
iCloud has several security features to keep your personal data safe.
Given that a more informed user is less likely to succumb to fearmongering, Clutch researched the basics of iCloud’s security for readers’ benefit.
iCloud’s main security features include the following:
1. Advanced Encryption
The service uses a minimum of 128-bit AES encryption, which the Apple website highlights as “the same level of security employed by major financial institutions.”
2. Complex Password Requirements
Users must create a password that is at least eight characters and contains a number, uppercase letter, and lowercase letter. There is the option for both two-factor authentication and verification, which is a version of the service for older devices.
3. Apple’s Limited Access to Personal Data
Users can store passwords and credit card information on iCloud Keychain, which is encrypted at a higher level, 256-bit AES encryption. Apple does not have access to the information on iCloud Keychain.
Yet, despite iCloud’s security features, there are still slips.
Bookspan spoke to the occurrence of human errors in all cloud security. “Do I believe iCloud is secure?” asked Bookspan. “I’m struggling to answer this because inherently I do believe it is secure, and I believe Apple does its very best to ensure that your data is secured. But ultimately, software is written by people, and people make mistakes all the time.”
Despite slips like Apple’s recent failure to remove deleted Safari browser history, Bookspan says he still trusts iCloud with his personal data. “Inherently, the software is made as secure as it possibly can be,” he said. “That being said, it can have holes and things can go wrong. Do I believe it’s secure? Yes. Do I entrust my own data with it? Yes.”
Mangal offered a bit more skepticism when specifically referencing storing personal information and banking information on iCloud (as opposed to iCloud Keychain). He recommends minimizing centralized data targets: “If an attacker knows that a source has a bunch of credit cards or photos from high-level dignitaries or celebrities, it will definitely be a quantifiable target to them.” Mangal goes as far to suggest not storing this type of information online.
The ease of online storage masquerades possible risks for many every day users. “We see it as being gone after a couple of clicks,” said Mangal. “But it definitely goes somewhere, which is an important takeaway.”
Some iPhone Users Unaware If They Are Using iCloud
Knowing whether iCloud is turned on and what information you are storing there is important, since it dictates the appropriate steps you need to take to secure your personal information on the service.
66% of respondents to our survey know with certainty that iCloud features are enabled on their phone.
Yet, this also means that 34% of users aren’t aware that iCloud features are enabled on their iPhones.
Furthermore, 15% of the survey’s respondents indicated that they do not know which data their iPhone automatically backs up onto iCloud.
It’s troubling that a small, but significant number of users are unaware if iCloud is enabled and what information they are storing on the service.
Is it important to know what you put on iCloud? From a convenience factor, yes. “The worst thing in the world would be if someone thought they backed something up, deleted it, and found that it wasn't on the cloud,” said Mangal.
From a security standpoint, though, the answer depends on whether you believe iCloud is inherently secure and what sort of responsibility users have for keeping their data safe. These opinions will influence the actions users take toward securing their data on iCloud.
Is iCloud safe?
So, the big question – is iCloud safe? Well, it is and isn’t.
Speaking to the well-known celebrity iCloud hacks, Bookspan said that they likely were the result of user error.
“It’s because people don’t use secure passwords. It’s human error. It wasn’t that iCloud had a breach. A bad guy figured out the password and broke into your device and stole. Sadly, the press mischaracterizes that because they say it’s a leak when it really was an end user problem.”
In the case of the 2014 celebrity hack, many speculated that the hackers used a “brute force” program that randomly generated passwords for accounts until it received a match.
While the celebrities can be blamed for likely using simplistic passwords that are easy to guess, Apple also is at fault for not limiting the number of passwords one can try before locking the account on certain features.
So, there’s no way to truly determine if iCloud is safe because opinions will always differ. Given that the service is so massive and stores such an incredible amount of information from a variety of people, seemingly infinite scenarios exist for security breaches.
What can I do to secure my iCloud?
All this isn’t to say that you should panic and immediately disregard iCloud. Rather, be smart. Choose a strong password. Be skeptical of phishing attempts to steal your login information. Enable two-factor authentication, which would’ve easily prevented the aforementioned celebrity hacks.
You can take it even further. On the rare chance that your account is compromised despite these steps, don’t store important passwords in your Notes app (use iCloud Keychain), and delete photos from iCloud that you wouldn’t want your mother or boss to see.
iCloud shouldn’t be a cause of undue stress or fearmongering. As technology progresses, so does the ability to hack technology for unsavory causes. Stay educated and act on security recommendations, and the likelihood that your data will stay safe is in your favor. If you entrust your information to any cloud service with blind faith, however, you may be setting yourself up for disaster.
Questions or comments? Contact Riley Panko [email protected]