iCloud Photo Library and security: What you need to know!

Our photos can be as personal and private as our messages, financial information, and identities. iCloud Photo Library wants to make sure all our pictures and videos are backed up online and available on all our devices. To do that, it moves the bits that make up those pictures and videos from our iPhones, iPads, and Macs up to servers on the internet and then back down to our other iPhones, iPads, and Macs. That means both the transport and the storage needs to be secure so that our content is only ever available to us and us alone.

How does Apple keep my photos secure?

Apple uses strong encryption to keep your photos safe as they move between your devices and iCloud. As Apple notes on its support site, your photos are transmitted under a "minimum of 128-bit AES encryption". This means that your photos are given the same treatment as your iPhone backups, iCloud Drive, and your other iCloud-stored content.

How does encryption keep my photos safe?

On a very basic level, it means that when one of your images is being transmitted (uploaded or downloaded), that photo is protected while it's in transit. This means that if someone were to copy the data for a photo that you were uploading from your iPhone to iCloud while it was being uploaded, they shouldn't be able to see the actual image. Just a bunch of pseudo-random ones and zeroes.

What else does Apple do to keep my photos secure?

Apple employs AES and SHA, industry standards for securely encrypting and hashing data. The company goes further in its iCloud security overview, which offers greater detail on how the company keeps your photos (and all of your data in iCloud) safe:

Each file is broken into chunks and encrypted by iCloud using AES-128 and a key derived from each chunk's contents, with the keys using SHA-256. The keys and the file's metadata are stored by Apple in the user's iCloud account. The encrypted chunks of the file are stored, without any user-identifying information or the keys, using both Apple and third-party storage services—such as Amazon Web Services or Google Cloud Platform—but these partners don't have the keys to decrypt the user's data stored on their servers.

At a basic level, these standards are very good ways to protect photos and other data while they're being uploaded, downloaded, or stored.

What about privacy?

Apple takes privacy very seriously and, as noted above, stores your data chunks without user-identifying information. The company also gives you options for controlling your own privacy. First, on your iPhone or iPad themselves, it's easy to grant or revoke permission for third-party apps to access your photos.

However, if you've decided that there are images that you don't want to keep around, it's easy to delete them from your iCloud Photo Library. What's really great is that if you want to delete something, you only have to do so on one device. So if you delete an image on your iPhone, it will appear in Recently Deleted not only on that device, but any iPad or Mac connected to that iCloud account.

From there, your photo will remain in Recently Deleted for the next 30 days if you change your mind, or you can choose to completely delete it right away.

Questions?

If you have any other questions about iCloud Photo Library and security, let us know in the comments.

Updated January 2020: This remains the latest information on how iCloud Photo Library keeps your photos and video safe and encrypted.