Dear Lazyweb, what's the deal with security of iCloud-synched Notes on iOS 10?

In previous versions of iOS, Notes were synched via IMAP. This means that to store them in iCloud, you had to have iCloud email configured. I didn't, and don't, so I only had the option of storing my notes on my own IMAP server, not on iCloud. Which sounds fine, except that it was unreliable: if I edited the same note from more than one device, I would end up with duplicate copies of the note due to merge conflicts like half of the time. I never figured out how to reproduce this, but it was a constant hassle.

But with iOS 10 I see that I now have the ability to sync my Notes through iCloud without having iCloud email set up. This suggests to me that Notes are now synched to iCloud through some mechanism that is not IMAP, and that might therefore work more reliably, so I'm giving that a try to see how that works out.

My question is, do any of you know what that new mechanism is, and what kind of crypto is involved? Specifically, does this give apple the ability to read my Notes?

I am not asking "do they promise not to", I'm asking "do they have the ability to do so, e.g., in response to a subpoena." For example, I think the current belief is the Apple cannot intercept and decode the content of your iMessages, unless you are using iCloud to back up your phone instead of backing up to your Mac, in which case they can, because they can decode the copy of those messages that ends up in the iCloud backup. I am asking whether Notes fall under the "iMessage" crypto regime (private keys exist on the device, public keys on the server) or the "backup" crypto regime (Apple holds the private keys).

(If the answer is "Yes, Apple can read your Notes", that won't necessarily stop me from using iCloud for Notes sync, but I'd like to know.)

(Some of you are dying to tell me about some third party app that you like more than Notes. I am happy for you but please don't.)


Tags: , , , ,

14 Responses:

  1. Scruffy says:

    Last I looked Apple can intercept your imessages if they wanted, they control the device->crypto key bindings. They could add a fake device that mirrors messages or just change the key used for your device for active mitm.

    • jwz says:

      Yeah, and they could in theory push a software update to my phone with a keylogger in it, or switch everything to null cyphers. But Apple's behavior in the FBI case makes me think that the chance that they are in the habit of doing that sort of thing is pretty low, and that their security team is in fact operating in good faith.

      But something somewhere probably has a buffer overflow exploit in it. And I haven't personally audited every line of code running on my phone. And and and.

  2. Douglas Knight says:

    You can access your notes at just with your password, so unless the keys are derived from the password, they aren't really encrypted.

    • jwz says:

      That does seem to answer the question, yes.

    • jwz says:

      Actually, no, because you have only one iCloud password and it's the same on the web site and on the device, so it could in fact be the master password for a private key that is not usable without brute-forcing that password.

      • Douglas Knight says:

        Yes, it is possible, but I think it is unlikely because it is a bad design, not least because most people's passwords can be brute-forced. Here sources imply that Apple can access everything on icloud except keychain, for which documentation explicitly mentions public key crypto and which appears to be pretty much like imessage.

        They offer an additional password that they seem to say can't be read by Apple. I think that you can achieve what you want by using this, putting a lock on each note but leaving it unlocked on the device. This incurs the per-note cost of turning on the lock, but no per-view cost of unlocking it (well, a per device cost of unlocking it).

  3. Sk says:

    No. This implies they need to cache password or decrypted private key to support page refresh and navigation to different note our document.

  4. You can encrypt individual notes with a separate password. It's buried in a weird spot in the action/share button. It will warn that it's unrecoverable so I would assume Apple does not have that key.

    In the default case, I would assume Apple does have the key. Their site says it's 128 bit AES but they won't share the key.

  5. Darren says:

    According to WWDC 2015, Apple has switched their Notes backend to CloudKit as of iOS 9.

    Apple has access to your CloudKit data, including Notes. Apple will give you or anyone else access to that data if they receive the correct account info or are otherwise convinced to reset your account.

    As of iOS 10, Apple also offers encrypted notes. You can decide to encrypt notes on an individual basis. If you choose to encrypt a note it's encrypted with a password of your choice, separate from any Apple account, and can only be decrypted with that same password. Apple can't read or restore these notes if you do not provide the correct password. Encrypted notes are synced between your iOS and Mac devices using CloudKit, but cannot be decrypted without the password.

  6. rexpop says:

    I believe Notes now uses CloudKit to sync data. The iOS security guide that Apple publishes has a section about how that is secured. I've not seen an update for iOS 10.

  7. jet says:

    Ah, this is why some of my Notes don't sync on my older equipment, I didn't realize you had to have Mail synced for Notes.

  8. Ben says:

    (Not sure if your post means that you have already upgraded to iOS 10 or not. If you have, this comment is probably a waste of your time!)

    FWIW, Notes still does support the IMAP mechanism too, the notes app on my computer and phone separate the notes by iCloud/email. Logging into only shows the icloud notes, so at least they haven't just changed the syncing mechanism wholesale and scooped up all your previously private notes into their cloud.

    So, it's possible that with the IMAP support continuing, Apple may have fixed some of the duplication/conflict bugs that you were running into.