Short answer
iCloud-backing-up a wallet app's data is convenient but introduces a critical dependency: your wallet's security now depends on your iCloud account's security. If iCloud is compromised, the wallet is compromised. For low-value wallets (under $5K), this is an acceptable tradeoff for the recovery convenience. For meaningful holdings, the answer is no — keep wallets out of cloud backup and rely on the seed-phrase backup written on metal in a physical location.
What iCloud backs up
By default, iCloud Backup includes app data for most apps. For wallet apps, this means:
- Encrypted wallet file (the seed phrase, encrypted with your app password)
- App preferences
- Transaction history
- Address book
The encryption is real, but the encryption key is your app password — which is rarely 256-bit random. Most users set a 6-12 character password they can remember. If an attacker gets the encrypted backup, they can attempt offline brute-force at their leisure.
The iCloud attack surface
iCloud has three attack vectors:
Account credential theft. Phishing on Apple ID, credential stuffing from another breach. The Apple ID 2FA prevents most of this but not all.
Family Sharing or shared-device access. Spouse, kid, ex with iCloud password. They have access to backups too.
Compelled production. Law enforcement subpoena, foreign government court order, civil discovery in divorce. Apple has cooperated with valid legal process for years.
None of these are common, but they're more common than a hardware wallet being stolen.
Advanced Data Protection
Apple introduced Advanced Data Protection in late 2022, which encrypts most iCloud data end-to-end (Apple holds no decryption key). This significantly raises the bar on iCloud-resident wallet backups. Apple cannot decrypt the backup even under subpoena.
Enable this if you keep any wallet data in iCloud. Settings → [your name] → iCloud → Advanced Data Protection. Requires a recovery key (which you must back up separately) and a recovery contact (a person who can verify your identity to Apple in case of lost recovery key).
The "exclude from backup" option
Better than relying on iCloud encryption: exclude wallet apps from backup entirely. For each wallet app on iOS: Settings → [your name] → iCloud → Manage Storage → Backups → [your device] → toggle off the wallet apps.
This means iCloud has no copy of the wallet data. The only copies are the live app on your device and your offline seed-phrase backup. Lose the device, restore wallet from seed phrase. Slower than iCloud-restore but eliminates the cloud-resident attack surface.
The recommendation
For low-value daily-use wallets: iCloud backup is acceptable with Advanced Data Protection enabled. For any meaningful holding: exclude wallets from iCloud backup, rely on offline seed-phrase backup as the sole recovery path.
And the always-true rule: never put the seed phrase itself in iCloud, in any form — not in Notes, not in Photos as a screenshot, not in Pages, not in iMessage, never.
Further reading: Passkey, Cold wallet.