Apple has confirmed it is using Google's cloud storage services to hold iCloud user data, with a note in a security document effectively acknowledging rumors from 2016 suggesting Apple is paying Google alongside other major third-party companies for access to their cloud infrastructure.
Apple's iOS Security Guide, last updated in January but only recently reported by CNBC, advises readers that user files are stored "using third-party storage services, such as S3 and Google Cloud Platform." While previous versions did mention that Amazon's web services, including S3, were being used for iCloud storage, the January publication is the first time Apple mentions the usage of Google's cloud services.
Also of note is that earlier versions of the same document mentioned the use of Microsoft Azure, another cloud platform, but in the document in question, there is no mention of Azure at all. While the replacement of the Microsoft Azure mention with a reference to Google Cloud Platform may suggest a change in Apple's cloud storage strategy, it is worth noting that Apple namechecks Google and Amazon as examples of the third-party storage services it uses for iCloud, and that this could still include Azure.
In 2016, it was rumored that Apple was looking to move from Amazon Web Services to Google Cloud Platform for part of its iCloud data storage needs, alongside its existing iCloud data centers. At the time, it was reported that the deal to shift from AWS to Google was worth between $400 million and $600 million.
Aside from the earlier rumors, it is unknown exactly when Apple started using Google's services as the document was previously updated in March 2017, giving a ten-month window for when it took place.
According to the document, files including photographs, documents, contacts, and other items, are broken into chunks when stored within iCloud, with each chunk encrypted using AES-128, using a key derived from each chunk's contents using SHA-256. While the keys and the file metadata are stored by Apple in the user's iCloud account, the encrypted file chunks are handled by the third-party cloud services, without any user-identifying information passed along to the storage vendors.
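The split described above, keys held with the account and only encrypted chunks handed to the storage vendor, can be shown in a few lines of Go. This is an added example, not Apple's code: the guide as quoted here names only AES-128 and SHA-256, so the GCM mode, the 12-byte nonce prefix, the use of the first 16 bytes of the digest as the key, and the names `Store` and `Fetch` are assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

func aead(key []byte) cipher.AEAD { // key: a 16-byte value returned by Store
	block, _ := aes.NewCipher(key) // a 16-byte key selects AES-128
	gcm, _ := cipher.NewGCM(block) // assumption: GCM, the guide names no mode
	return gcm
}

// Store splits data into chunks of size bytes (size > 0). keys stay with the
// account metadata; blobs (nonce || ciphertext) are all the vendor receives.
func Store(data []byte, size int) (keys, blobs [][]byte) {
	for off := 0; off < len(data); off += size {
		chunk := data[off:]
		if len(chunk) > size {
			chunk = chunk[:size]
		}
		sum := sha256.Sum256(chunk) // assumption: key = first 16 bytes of the digest
		nonce := make([]byte, 12)
		rand.Read(nonce) // fresh nonce for every blob
		keys = append(keys, sum[:16])
		blobs = append(blobs, aead(sum[:16]).Seal(nonce, nonce, chunk, nil))
	}
	return keys, blobs
}

// Fetch rebuilds the file and rejects a missing, truncated or altered blob.
func Fetch(keys, blobs [][]byte) (out []byte, err error) {
	for i, key := range keys {
		if i >= len(blobs) || len(blobs[i]) < 12 {
			return nil, fmt.Errorf("chunk %d missing or truncated", i)
		}
		if out, err = aead(key).Open(out, blobs[i][:12], blobs[i][12:], nil); err != nil {
			return nil, fmt.Errorf("chunk %d: %w", i, err)
		}
	}
	return out, nil
}

func main() {
	out, err := Fetch(Store([]byte("constructed sample data"), 8)) // constructed input
	fmt.Printf("%q %v\n", out, err)
}
```

Because the key is a function of the plaintext, two identical chunks get the same key, and anyone who can guess a chunk's contents can recompute its key; confidentiality against the storage vendor therefore rests on the keys never leaving the account side.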
The use of third-party cloud infrastructure is likely to be a temporary situation, as Apple is working to increase the number of data centers it operates around the world, including centers in Ireland, Denmark, and the United States. Following changes to Chinese cybersecurity laws, Apple has opened a secondary data center in China operated by a local partner, and has started the process of moving iCloud data for customers based in China to servers located within the country.
17 Comments
Ho boy...
Having worked in computer outsourcing for 20 years, I have my doubts about this. Not that the headline is not technically true, but that it is misleading.
There is an enormous difference for a customer between using a third party's datacenters and equipment to store and process their data while maintaining their own policies and procedures for the data versus downloading your data to a third party for them to manage and control.
While, quite obviously, this means that Apple data was on Google equipment, this does not (automatically) mean that it wasn't under the control of Apple with their own policies and procedures in place to protect it.
I will reserve judgement on this until we know more. But, for the time being, I give the benefit of the doubt to Apple.
Well... THAT’S disappointing.
Not OK.