The iOS Security Guide was updated last month to indicate that Apple is now using the Google Cloud Platform for iCloud storage. The company has long used Amazon’s S3 alongside Microsoft Azure, but a reference to the latter service has been replaced by one to Google’s cloud storage service …
Data stored on Google may include contacts, calendars, photos, videos, documents and more, but Apple is keen to stress that Google has no means of accessing that data.
Each file is broken into chunks and encrypted by iCloud using AES-128 and a key derived from each chunk’s contents that utilizes SHA-256. The keys and the file’s metadata are stored by Apple in the user’s iCloud account. The encrypted chunks of the file are stored, without any user-identifying information, using third-party storage services, such as S3 and Google Cloud Platform.
All Google would see is meaningless encrypted data, with no way to tie even that to any particular individual. Apple doesn’t go into specifics about its use of third-party servers, so it’s possible that the same user data is spread across more than one platform.
The iOS Security Guide is a document Apple uses to explain the measure it takes to ensure the security of iOS and the privacy of its customers.