Group Group Group Group Group Group Group Group Group

CloudKit permissions in public database vs private

I just finished the Beginning CloudKit video tutorial and one thing that’s not clear to me is how permissions/security works in the public vs private database. To help with my question lets assume I want to build an app like Instagram where if you set your account to be private, only followers you’ve allowed can see your data.

The question is can you securely segment the public database “in the app” such that only followers can “view” your data? Because of the amount of data that could be potentially generated, I would like it to use the public database so users aren’t running out of private storage.

I’ve read a few places that the data isn’t really public in the sense that only people using the app can see it and then only when your app lets them. That feels a bit hand wavy without some more knowledge of what’s going on under the covers so I’m trying to determine if the only way to do this properly is to use Private + Shared databases and have the users pony up for extra iCloud storage?

Thanks for any intel!