Apple has confirmed that Google Cloud Platform is one of at least two third-party services it relies upon for storing encrypted iCloud account data, which it notes doesn't include any user-identifying information.
Apple made the disclosure in the latest version of its iOS Security Guide, which was updated last month. This particular change went unnoticed until it was reported by CNBC's Jordan Novet earlier today.
The encrypted chunks of the file are stored, without any user-identifying information, using third-party storage services, such as S3 and Google Cloud Platform.
Previous versions of the iOS Security Guide mentioned Microsoft Azure, but Google Cloud Platform is now listed in its place. Apple also continues to rely on Amazon's S3 web service for additional storage.
iCloud stores a user's contacts, calendars, photos, documents, and more, and since each file is broken into chunks and encrypted with AES-128 and SHA-256 keys, storage on Google Cloud Platform shouldn't be a security concern.
Apple reached a multi-million dollar deal with Google Cloud Platform in 2016, according to reports from CRN and the Financial Times.
Remember Apple vs FBI, then like magic, all Senate hearings and news coverage suddenly stopped?
Apple has been lauded this week as crusaders for smartphone privacy, after the federal government compelled the company to install a backdoor into its own software (which Apple promptly denounced).Despite its refusal, Apple has already divulged a potential trove of private information from the San Bernardino shooter's phone, which includes the iCloud backups and all associated iCloud data. This is standard practice for Apple, which as a (normally) law-abiding company provides law enforcement with all data relevant to investigations, even extracting information from phones multiple times in the past.
Tim Cook confirmed this protocol in his now-infamous missive “A Message To Our Customers.”
“When the FBI has requested data that’s in our possession, we have provided it. Apple complies with valid subpoenas and search warrants, as we have in the San Bernardino case,” Cook wrote in the letter.
As noted in the court’s original motion, the FBI executed a warrant and obtained iCloud information from Apple, dated until October 19, 2015.
To be clear, there are two concepts in play here: security and privacy. Both are important ideas to consider, but the motivations behind them are separate.
Security is making sure people (the government, Apple, or third parties) don’t have the means to access any device, and privacy is making sure the user data retained on Apple servers are not seen by anyone but the users. In a way, security begets privacy.
Comments
Post a Comment