Apple confirms use of Google cloud services to store iCloud user data
Apple has confirmed it is using Google's cloud storage services to hold iCloud user data, with a notification in a security document effectively acknowledging rumors from 2016 suggesting Apple is paying Google alongside other major third-party companies for access to their cloud infrastructure.
Apple's iOS Security Guide, last updated in January but only recently reported by CNBC, advises to readers that user files are stored "using third-party storage services, such as S3 and Google Cloud Platform." While previous versions did mention that Amazon's web services, including S3, were being used for iCloud storage, the January publication is the first time Apple mentions the usage of Google's cloud services.
Also of note is that earlier versions of the same document mentioned the use of Microsoft Azure, another cloud platform, but in the document in question, there is no mention of Azure at all. While the replacement of Microsoft Azure for a reference to Google Cloud Platform may suggest a change in Apple's cloud storage strategy, it is worth noting that Apple namechecks Google and Amazon as an example of the third-party storage services it uses for iCloud, and that this could still include Azure.
In 2016, it was rumored that Apple was looking to move from Amazon Web Services to Google Cloud Platform for part of its iCloud data storage needs, alongside its existing iCloud data centers. At the time, it was reported that the deal to shift from AWS to Google was worth between $400 million and $600 million.
Aside from the earlier rumors, it is unknown exactly when Apple started using Google's services as the document was previously updated in March 2017, giving a ten-month window for when it took place.
According to the document, files including photographs, documents, contacts, and other items, are broken into chunks when stored within iCloud, with each chunk encrypted using AES-128, using a key derived from each chunk's contents using SHA-256. While the keys and the file metadata are stored by Apple in the user's iCloud account, the encrypted file chunks are handled by the third-party cloud services, without any user-identifying information passed along to the storage vendors.
The use of third-party cloud infrastructure is likely to be a temporary situation, as Apple is working to increase the number of data centers it operates around the world, including centers in Ireland, Denmark, and the United States. Following changes to Chinese cybersecurity laws, Apple has opened a secondary data center in China operated by a local partner, and has started the process of moving iCloud data for customers based in China to servers located within the country.
Apple's iOS Security Guide, last updated in January but only recently reported by CNBC, advises to readers that user files are stored "using third-party storage services, such as S3 and Google Cloud Platform." While previous versions did mention that Amazon's web services, including S3, were being used for iCloud storage, the January publication is the first time Apple mentions the usage of Google's cloud services.
Also of note is that earlier versions of the same document mentioned the use of Microsoft Azure, another cloud platform, but in the document in question, there is no mention of Azure at all. While the replacement of Microsoft Azure for a reference to Google Cloud Platform may suggest a change in Apple's cloud storage strategy, it is worth noting that Apple namechecks Google and Amazon as an example of the third-party storage services it uses for iCloud, and that this could still include Azure.
In 2016, it was rumored that Apple was looking to move from Amazon Web Services to Google Cloud Platform for part of its iCloud data storage needs, alongside its existing iCloud data centers. At the time, it was reported that the deal to shift from AWS to Google was worth between $400 million and $600 million.
Aside from the earlier rumors, it is unknown exactly when Apple started using Google's services as the document was previously updated in March 2017, giving a ten-month window for when it took place.
According to the document, files including photographs, documents, contacts, and other items, are broken into chunks when stored within iCloud, with each chunk encrypted using AES-128, using a key derived from each chunk's contents using SHA-256. While the keys and the file metadata are stored by Apple in the user's iCloud account, the encrypted file chunks are handled by the third-party cloud services, without any user-identifying information passed along to the storage vendors.
The use of third-party cloud infrastructure is likely to be a temporary situation, as Apple is working to increase the number of data centers it operates around the world, including centers in Ireland, Denmark, and the United States. Following changes to Chinese cybersecurity laws, Apple has opened a secondary data center in China operated by a local partner, and has started the process of moving iCloud data for customers based in China to servers located within the country.
Comments
There is an enormous difference for a customer between using third party's datacenters and equipment to store and process their data while maintaining their own policies and procedures for the data versus downloading your data to a third party for them to manage and control.
While, quite obviously this means that Apple data was on Google equipment, this does not (automatically) mean that it wasn't under the control of Apple with their own policies and procedures in place to protect it.
I will reserve judgement on this until we know more. But, for the time being, I give the benefit of the doubt to Apple.
Apple has far less of an issue with Google than some fans do. If Apple trusts them why would some small number of fans here do the "but...But... Google" dance. You do trust Apple to make the right decisions, correct?
(I missed you all -- this was enough to bring me back in -- flame away)
So, they buy from everyone.
If there is something to be worried about it’s not Google it’s the “encrypted file chunks are handled by the third-party cloud services”.
We have no idea who the ‘third-party” is, but I sounds like everything is treated as ‘security first’.
I’m not sure why people are surprised, you want the data as close to the end user as possible. Building out that infrastructure is a massive undertaking. In many countries, the data legally needs to be stored locally.
Google’s focus has been low latency (fast searching) from the get go. It makes sense Apple would utilize that infrastructure until they could built out there own, as they shift from a ‘hardware/softwares’ company to include services/ecosystem.
In other words, nothing to see here.
What should be followed closely is covered in the other article:
Microsoft's international data privacy fight moves to U.S. Supreme Court
Apple's awesome but they can never beat physics.
I've used Google for mail, browsing and search for nearly a decade and have never seen any indication that they are misusing my data.
I have no problem with Apple using Google data centers. I know Steve said Android was basically a stolen product, but that is just the way business works. As soon as a competitor comes out with an innovation, everyone else follows suit. You can't depend on a patent to protect much of anything these days because there are a thousand ways to skin a cat.
2) Not even Steve was arrogant enough to believe that Apple always made the right decision.
So, yes, it does matter...
... Unless you don't care about your data and/or you have absolute faith in Google...
I very much doubt that Apple just dumped the data there and walked away saying "Good luck with it Google". I am sure that the data is segregated and that they imposed their own policies and procedures over it. But, that is certainly not clear from the article. Actually, the opposite.
... But I agree, the optics on this are horrible.
Typically Google has a completely different approach for its paid services it is offering to the business market then for the free services it is offering to the end consumer. In the former, there is full data protection policy in place, in the latter Google is using data mining techniques to feed its AdWords service. A lot of people are objecting the data privacy rules of e.g. the free Gmail service, but it does not mean the same objection is valid for the Google Cloud Platform
https://cloud.google.com/access-transparency/