From Ars Technica:
Ars recently attempted to delve into the inner workings of the security built into Apple’s iCloud service. Though we came away reasonably certain that iCloud uses industry best practices that Apple claims it uses to protect data and privacy, we warned that your information isn’t entirely protected from prying eyes. At the heart of the issue is the fact that Apple can, at any time, review the data synced with iCloud, and under certain circumstances might share that information with legal authorities.
We consulted several sources to understand the implications of iCloud’s security and encryption model, and to understand what types of best practices could maximize the security and privacy of user data stored in increasingly popular cloud services like iCloud
Read on.
Source: Article Link