How secure are iCloud backups?

Solution 1:

Ars Technica just wrote a great piece on this.

A quick outtake:

The simple answer is that your data is at least as safe as it is when stored on any remote server, if not more so. All data is transferred to computers and mobile devices using secure sockets layer via WebDAV, IMAP, or HTTP. All data except e-mail and notes—more on that later—are stored and encrypted on disk on Apple's servers. And secure authentication tokens are created on mobile devices to retrieve information without constantly transmitting a password.

And backups are stored and transferred encrypted. As for an employee being able to access a backup, only an Apple employee would be able to correctly answer that.

If an app was pulled from the store, they may not need to actually go into your backup to remove it. All apps have a unique identifier, and if anything they can just delete that backup for everyone (think of the backups being stored individually rather than a big ZIP file if you will). Again, this is internal to Apple so no one can fully answer that part.

Finally, backups do include the Keychain, but this is also encrypted and the key is tied to the device that did the backup.

From various places I have read online, Apple meets or exceeds (more often the case) standard security procedures in this regard.

Solution 2:

The good news. Data is encrypted using SSL while it is transferred between your computer and the iCloud servers. Also, data is encrypted while it is "at rest", stored on the iCloud servers (with some exceptions; see below). Encryption is invisible, easy to use, and automatic (on by default).

The less-good news. iCloud uses server-side encryption, not client-side encryption. When sending data to the cloud, it gets encrypted on your machine with SSL, then decrypted at the iCloud servers, then re-encrypted using an encryption key that Apple knows for storage. This means that Apple employees have the technical ability to read your data. There may be procedural, technical, or policy controls to make this unlikely, but the capability is there. That means that if Apple's cloud ever gets compromised by a sophisticated attacker, the attacker could potentially access all your data. In other words, any data breach or accident on Apple's part could potentially expose your data. This may not be too likely, but given that even respected companies like Google have been breached, a breach or other exposure of the iCloud servers is not unthinkable.

Email and notes are not stored in encrypted form while on Apple's servers. Email often contains sensitive information -- e.g., account passwords, reset links -- so this is a bit dangerous.

If law enforcement asks Apple for a copy of your data, Apple will share it with them. Apple won't necessarily require a warrant. EFF gives Apple only one out of four stars for protecting user data in its report, When Government Comes Knocking, Who Has Your Back?, and dings Apple for not being transparent about government requests for access to your data and not telling users when their data has been disclosed to the government.

The risks are not limited to government requests. If you get sued, or end up in a contentious divorce, the opposing party's lawyers could subpoena your data from Apple, and Apple would be required to disclose it to them. Note that the threshold for a subpoena is relatively low: primarily, that the data has a likelihood of being relevant to the case.

The security of your data on iCloud is only as good as the passphrase on your Apple ID. Therefore, if you want your data to be secure, you need to choose a long and strong passphrase. Unfortunately, there are some aspects of the current systems that tend to nudge users towards choosing short, weak passphrases. The OS refuses to store this passphrase in the keychain, requiring you to type it in frequently. If you use an iOS device, you will frequently need to type in your Apple ID passphrase (e.g., every time you install or update an app). Because entering a long and strong passphrase is a major pain on an iPhone, many users may end up choosing a short, poor passphrase just for convenience's sake -- which unfortunately leaves their iCloud data poorly secured. So, the current design may tend to encourage many users to use a weak password, leaving their data at risk.

Further reading. The Economist has an excellent argument summarizing the security implications of storing your data on the cloud, and the different levels of security afforded by different providers; for comparison, iCloud is similar to Dropbox in its security properties, and weaker than SpiderOak. To help understand why Apple might have chosen the particular architecture it did, you might enjoy Ben Adida's blog article: Encryption is not gravy; it has significant implications for usability.

Summary. iCloud's security practices are largely in line with mainstream practice in this area. iCloud appears to have a reasonable and professionally designed security architecture. While there are some security risks, for most people, iCloud's security is likely to be good enough, and the convenience benefits of iCloud will likely outweigh any risks for most folks.

However, storing your data in the cloud does increase the risk. For some particularly sensitive users -- e.g., health records, financial institutions, or other companies with sensitive data -- it might be prudent to avoid storing the most sensitive data in the cloud.
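
The difference between the server-side model described in Solution 2 and client-side encryption, as an added example (not part of the original answer and not Apple's implementation). The `Provider` class, the passphrase and the backup bytes are constructed for illustration, and an HMAC-SHA256 keystream with encrypt-then-MAC stands in for a real cipher such as AES-GCM so that the code runs on the Python standard library alone.

```python
import hashlib, hmac, os

def _stream(key, nonce, n):
    # HMAC-SHA256 in counter mode: a stdlib stand-in for a real cipher (e.g. AES-GCM).
    blocks = (hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, plaintext):
    """Encrypt-then-MAC with a 64-byte key (32 bytes encryption, 32 bytes MAC)."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _stream(key[:32], nonce, len(plaintext))))
    return nonce + ct + hmac.new(key[32:], nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key[32:], nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or modified data")
    return bytes(a ^ b for a, b in zip(ct, _stream(key[:32], nonce, len(ct))))

def key_from_passphrase(passphrase, salt):
    # The key is only as strong as the passphrase it is derived from.
    return hashlib.pbkdf2_hmac("sha512", passphrase.encode(), salt, 200_000, dklen=64)

class Provider:
    """Hypothetical storage service that encrypts at rest with its own key."""
    def __init__(self):
        self.storage_key = os.urandom(64)   # held by the provider, not the user
        self.disk = {}
    def put(self, name, received):
        # 'received' is what comes out of the TLS tunnel on the server.
        self.disk[name] = seal(self.storage_key, received)
    def read_with_provider_key(self, name):
        # What an insider, a subpoena response or an intruder with the key recovers.
        return unseal(self.storage_key, self.disk[name])

def demo():
    backup = b"constructed sample backup: notes, photos, saved logins"
    provider, salt = Provider(), os.urandom(16)
    user_key = key_from_passphrase("constructed long passphrase for the demo", salt)
    provider.put("server_side", backup)                  # provider sees plaintext
    provider.put("client_side", seal(user_key, backup))  # provider sees ciphertext
    seen_server_side = provider.read_with_provider_key("server_side")
    seen_client_side = provider.read_with_provider_key("client_side")
    return (seen_server_side == backup,            # True: provider can read it
            backup in seen_client_side,            # False: opaque to the provider
            unseal(user_key, seen_client_side) == backup)  # True: user restores it

if __name__ == "__main__":
    print(demo())
```

In both cases the data is encrypted at rest on the provider's disk; only in the client-side case does reading it require something the provider does not hold.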

Solution 3:

Documentation does exist covering this topic. Note:

iCloud Security
iCloud secures your content by encrypting it when sent over the Internet, storing it in an encrypted format, and using secure tokens for authentication.

You can find more at:

http://support.apple.com/kb/HT4865

You probably should not send your passwords to a cloud server, though. In any case this is a poor choice as far as your security and information are concerned.