iCloud Photo Library promises to make pictures and video a core part of Apple's iOS and OS X, but how does it keep them safe and secure?

Our photos can be as personal and private as our messages, as our financial information, as our identities. iCloud Photo Library wants to make sure all our pictures and videos are backed up online and available on all our devices. To do that, it moves the bits that makes up those pictures and videos from our iPhones, iPads, and Macs, up to servers on the internet, and then back down to our other iPhones, iPads, and Macs. That means both the transport and the storage needs to be secure so that our content is only ever available to us and us alone.

End-to-end Encryption

Apple's support documentation explains that iCloud photos are protected during both transit and while in storage by a "minimum of 128-bit AES encryption".

Apple's iOS security paper further describes iCloud file security, including photo security, as follows:

The [iCloud] service is agnostic about what is being stored and handles all file content the same way, as a collection of bytes.

Each file is broken into chunks and encrypted by iCloud using AES-128 and a key derived from each chunk's contents that utilizes SHA-256. The keys, and the file's metadata, 
are stored by Apple in the user's iCloud account. The encrypted chunks of the file are stored, without any user-identifying information, using third-party storage services, such as Amazon S3 and Windows Azure.

AES and SHA are industry standards for securely encrypting and hashing data. In other words, they're good ways to protect our pictures while uploading, storing, and downloading them.

Personal privacy

Apple also makes it easy to delete pictures and videos from iCloud Photo Library. You can do so online via iCloud.com, using the Photos app on your iPhone and iPad, and — when it ships this spring — using Photos for OS X on the Mac. Any picture or video you delete will remain in a Recently Deleted folder for 30 days, in case you want to recover it. After that period of time, it will be scheduled for deletion. On iOS and OS X, you can even remove pictures and videos from the Recently Deleted folder, making sure they're eradicated immediately.

The bottom line

iCloud Photo Library uses end-to-end AES encryption to keep your pictures and videos secure during upload from your iPhone, iPad, and Mac and the servers, while being stored on the servers, and while being sent back down to your devices. And if there's ever anything you decide you don't want to keep, you can delete, with 30-days to change your mind, or immediately, so it's done and gone forever.

That lets iCloud Photo Library keep everything available, but also keep it private and secure.