Design iCloud Photo Library Sync
Cross-device sync, conflict resolution, on-device + cloud, privacy-preserving. Apple signature SDI.
Theory
Explanation
Intuition first, formal definition second. Skim the bullets if you already know this; read the prose if you don't.
Photos taken on an iPhone appear on Mac and iPad within seconds. Originals are stored in iCloud; devices keep optimized thumbnails to save space. Sync is per-asset delta and, with the Advanced Data Protection opt-in, end-to-end encrypted.
Each photo is an asset with an original image, derivatives (thumbnails per size), and metadata. Storage is CloudKit per-record, in a per-Apple-ID database. Devices subscribe to change tokens; CloudKit signals changes via an APNs push and the device then fetches the delta. "Optimize Mac Storage" replaces local originals with thumbnails when disk fills and fetches originals on demand. With ADP, asset data is encrypted with keys held on the user's devices, so the server sees only ciphertext.
When to use
Personal photo libraries, cross-device sync at consumer scale.
When not to
Enterprise file sync (OneDrive/Drive better). Editing workflows (Lightroom-style).
```mermaid
flowchart LR
    iPhone([iPhone]) -->|upload| CloudKit[CloudKit]
    CloudKit --> Store[(Asset Store · per-user)]
    CloudKit --> CK[Change Tokens]
    CK -.APNs.-> Mac[Mac]
    CK -.APNs.-> iPad[iPad]
    Mac -->|fetch delta| CloudKit
    iPad -->|fetch delta| CloudKit
    Mac --> Local[(Local DB · optimized)]
```
Key insights
- Change tokens are opaque cursors: clients store the last token and request the delta since it.
- APNs is the wake signal; delta fetch is the data transfer.
- Optimize Storage: devices hold derivatives; original fetched on view/edit.
- ADP: the server cannot read assets; sync carries encrypted derivatives.
- Conflict: edits to the same photo from two devices are saved as duplicates; the user chooses.
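The token-cursor delta fetch and the conflict-as-duplicate rule from the insights above, as one runnable toy. This is an added example, not Apple's or CloudKit's code: the server, the token scheme (log length behind an opaque string), the record shape and the APNs wake (just a method call here) are all constructed stand-ins.

```python
# Toy model of change-token delta sync with conflict-as-duplicate.
# Added example, not Apple or CloudKit code. Tokens are opaque to clients;
# here they encode the per-user change-log length (constructed scheme).
from dataclasses import dataclass
import itertools

@dataclass
class Record:
    asset_id: str
    version: int
    data: str  # stands in for the (possibly encrypted) asset blob

class SyncServer:
    def __init__(self):
        self.records: dict[str, Record] = {}   # current state per asset
        self.log: list[Record] = []            # append-only change log
        self._dup = itertools.count(1)

    def save(self, asset_id: str, base_version: int, data: str) -> Record:
        """Commit an edit; a stale base version becomes a duplicate asset."""
        cur = self.records.get(asset_id)
        if cur is not None and base_version != cur.version:
            asset_id, cur = f"{asset_id}-dup{next(self._dup)}", None
        rec = Record(asset_id, cur.version + 1 if cur else 1, data)
        self.records[asset_id] = rec
        self.log.append(rec)
        return rec

    def changes_since(self, token: str) -> tuple[list[Record], str]:
        """Delta fetch: entries after the cursor, plus the new cursor."""
        start = int(token.split(":")[1]) if token else 0
        return self.log[start:], f"tok:{len(self.log)}"

class Device:
    def __init__(self, server: SyncServer):
        self.server, self.token = server, ""   # empty token -> full fetch
        self.local: dict[str, Record] = {}

    def fetch_delta(self) -> int:
        """Runs after the APNs wake; pulls only changes since the stored token."""
        delta, self.token = self.server.changes_since(self.token)
        for rec in delta:
            self.local[rec.asset_id] = rec
        return len(delta)

    def edit(self, asset_id: str, data: str) -> Record:
        """Edit against the locally known version; server decides if it is stale."""
        rec = self.server.save(asset_id, self.local[asset_id].version, data)
        self.local[rec.asset_id] = rec
        return rec
```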