To download and view data from your iCloud account, you'll need your Apple ID and password. If you have two-factor authentication (2FA) enabled on your iCloud account, iPhone Backup Extractor will prompt you for the confirmation code when you access your account.
Reincubate iPhone Backup Extractor will download your Apple account's iCloud backup snapshots and merge them into a complete iCloud backup, stored in iTunes' backup format. An iCloud backup almost always contains the last 3 stored backups or snapshots (incremental backups for faster downloading and uploading). This lets you access your iCloud backups offline from your PC. The iCloud backups are placed in the iTunes backup default folder.
Is accessing iCloud backups safe?
Yes, it is. We don't store or retain data as part of the process.
After accessing a 2FA-protected iCloud account for the first time, you won’t always receive 2FA prompts when you access the account subsequently. This is because logging in to iCloud account involves establishing a trust relationship with Apple’s servers, and iPhone Backup Extractor saves that trust information to your PC or Mac for subsequent logins. This is similar to the way your phone is able to access the iCloud without you having to manually enter a 2FA challenge code every time.
The keys which enable us to maintain this trust relationship with Apple are securely stored on your computer. If you would like to remove or examine them, on Windows they can be found in the registry at
HKEY_CURRENT_USER\Software\iPhone Backup Extractor\iCloud Sessions, and on Mac in the folder
~/.reincubate/iPhone Backup Extractor/iCloud Sessions/.
Where are iCloud backups stored?
iCloud backup data is stored in a variety of places by Apple. They use their own storage servers, as well as Microsoft's (Azure), Google's (GCP), and Amazon's (AWS). They do this in encrypted form, and Apple holds the encryption keys to access data from your iCloud backup. Apple publish further information on how they secure the iCloud.
Does this comply with GDPR?
Yes, fully. We do not store or retain user data: our technology helps users access their own data. As such we are a "data processor" under the GDPR regulations. We fulfil our obligations by only processing data where you (the user of the software) have asked us to.
It is your responsibility to ensure you are processing data in accordance with GDPR. In most cases if you are accessing your own account this is not an issue, however if you are accessing an account that belongs to another individual you must either have their explicit consent to do so, or you must be satisfied you have a lawful basis to access the account.
For more information on the General Data Protection Regulations see our article on the subject.