PSA: Updating to MacOS Sonoma or iOS 17 May Enable iCloud Keychain
Mac users, iPhone users, and iPad users, should all be aware that updating to macOS Sonoma 14, iOS 17, or iPadOS 17, may silently enable iCloud Keychain on their devices. Essentially this means that by updating to the latest iOS, iPadOS, or MacOS, you may be unintentionally enabling the feature and thereby uploading your saved keychain and login information to Apple’s iCloud servers. If you like and use this feature, obviously that’s not an issue, but if you don’t use iCloud Keychain and don’t want to use it, having it enable itself after updating system software may be considered problematic, or a nuissance.
What is iCloud Keychain anyway? Why does this matter?
iCloud Keychain is a very useful feature in that it syncs your passwords and login information between your Apple devices, making it easy to manage passwords, view login details, and handle authentication across all of your devices. It does this by syncing your saved login information to iCloud, and then out to your other devices – if you save a login on your Mac, it will sync to your iPhone, and vice versa, for example. It’s a very convenient feature for iPhone, iPad, and Mac, there’s no doubt about that.
However, not every person wants to use iCloud, let alone upload their authentication information, login details, and passwords, to Apple’s iCloud servers (and by proxy, putting on a tin foil hat, theoretically any thing, organization, or entity that has access to that data or those servers by varying means, potentially whether encrypted or not) either out of concerns about privacy, security, or even merely philosophical, or perhaps because you already use another cloud-based password manager solution.
If you’re concerned about the privacy ramifications, Apple’s documentation for iCloud Keychain reminds us of the following:
“iCloud Keychain is secured with 256-bit AES encryption during storage and transmission, and its data can’t be read by Apple.”
Apple notes the iCloud data can’t be read by Apple, however there are reports by surveillance firms of other agencies gaining access to data from iCloud backups, muddying the waters of what can and can’t be accessed and by whom.
Updating to MacOS Sonoma, iOS 17, or iPadOS 17, Automatically Enables iCloud Keychain
Apple developer Jeff Johnson noticed this “bug” happening originally over a year ago, and discovered it yet again when updating from macOS Ventura to MacOS Sonoma, expressing the following sentiment that is undoubtedly shared by others:
“On principle, I should not have to upload my data to Apple if I don’t want. Apple advertises itself as the “privacy” company, but uploading user data to Apple’s servers without notice or consent is a gross violation of privacy.”
But it’s not just macOS Sonoma and Macs, it’ll happen on iPad and iPhone too, as @mysk on Mastadon discovered the same for iOS 17 and provided a demonstration video showing this happen:
Is this a bug or expected behavior? Many users want direct control over what features are enabled on their devices, particularly regarding their information being uploaded to the cloud.
I use iCloud Keychain anyway, what’s the big deal?
If you already use iCloud Keychain, as many of us do, then you likely won’t mind that the feature is being enabled during software updates, because it’s already enabled on your devices anyway.
There are some situations where it could still be problematic for users who do actively use iCloud Keychain to find it enabled automatically on another device after a software update however. For example, perhaps you use the same iCloud information on a childs iPad or a household Mac, but you don’t want your personal data and passwords syncing to those devices. Do you want your 5 year old to be able to accidentally login to your brokerage account and tap around wildly until they buy AAPL options on margin? A relatively absurd hypothetical, but crazier things have happened!
I don’t want this on, how do I turn off iCloud Keychain again?
If you do not use iCloud Keychain to manage your passwords, and you do not want to use the feature to manage and share your login information across your devices, you can disable iCloud Keychain manually, or confirm that the feature is not enabled on your device
On iPhone and iPad, go to Settings > Your Name > iCloud > Passwords and Keychain > switch from “ON” to “OFF”
On MacOS, go to Apple menu > System Settings > Your Name > Passwords and Keychain > switch from “ON” to “OFF”
Do you use iCloud Keychain? Do you not use iCloud Keychain but found it enabled on your device after updating to the latest system software versions? For what it’s worth, it’s not just iCloud Keychain that gets turned on after software updates, as MJTSai notes it also happens with Bluetooth. Whether any of this matters to you depends on a variety of factors, but at least be aware of the possibility so that you can make your own decisions.
Thank you for giving us this information. Apple has a bad habit of turning things on that we have turned off and not telling us about them.
If I read your article correctly even though I opt to not use iCloud for retaining and syncing my Keychain Passwords, the passwords that were already moved to iCloud without my knowledge will remain there.
Is this correct?
Is there anyway I can remove them?
Thanks for your help,
Jim Coleman
Just go into iCloud Settings and see if Keychain is enabled but you did not turn it on, if you disable it then it will remove them from iCloud.
Personally I have updated a few computers and iPhones to Sonoma and iOS 17 and not had this happen, so it does not seem like a universal situation.
1. How do I stop iCloud from backing up any external drives I use with my computer???. Not only does iCloud back up, but it makes duplicate backups.
2. How do I permanently disable iCloud from invading my computer?
never enable iCloud on your devices because why would you want to store your data on somebody elses computer? Install Little Snitch and block it all. Also install PIHOLE on your network to disable it on a DNS level too