SecureMac, Inc.

Computer security news. Just for Macs.

Get the latest computer security news for Macs and be the first to be informed about critical updates. Industry news, security events and all you need right at your fingertips. Malware threats change daily, so keep up to date on the latest developments to help ensure your privacy and protection. You can never be too safe.

Apple Retains Notes Synced to iCloud after Deletion

Posted on June 23, 2017

Apple may be retaining deleted notes in iCloud without user knowledge or consent, according to a recent blog post from security software company Elcomsoft. If you use the Notes app on your Apple device and sync the notes to iCloud, there’s a chance that Apple is holding onto the notes indefinitely—even after you delete them.

Apple has a history of holding onto iCloud data past its deletion date. In the past, Elcomsoft has been instrumental in discovering these iCloud flaws. Last year, the company found that the iCloud Photo Library would retain deleted photos for several years after users had believed they were gone. In February of this year, meanwhile, Elcomsoft learned that even when users delete their Safari browsing history, iCloud continues to store it “indefinitely.”

The newest finding is along the same lines. According to the blog, iCloud retains deleted notes for an indeterminate length of time. iCloud users who frequently sync notes between devices may be aware that iCloud has a ‘Recently Deleted’ folder. This folder allows you to access deleted notes from the past 30 days. If you accidentally delete a note or end up needing to reference something you got rid of recently, you can use ‘Recently Deleted’ to recover those notes.

Elcomsoft, though, have found notes are being held well beyond what the ‘Recently Deleted’ folder reports to hold on to. By updating their Elcomsoft Phone Breaker software, the company could recover hundreds of notes going back beyond the 30-day retention period used for ‘Recently Deleted’.

Oddly, Elcomsoft discovered little consistency from one user to the next in how many deleted notes iCloud chose to retain. In some cases, the company could recover notes dating all the way back to 2015. Other accounts, meanwhile, “contained much less than that.” In all cases, though, iCloud was retaining notes that had been deliberately deleted by users.

The blog outlines a technique that users can implement to extract and view deleted notes using the Elcomsoft Phone Breaker. This strategy will at least help users see which deleted notes are still floating around in the cloud. As of yet, there is no tactic to get iCloud to delete these notes permanently.

However, there is some silver lining: Elcomsoft says that after they broke the news on the photo and Safari history retention issues, Apple was quick to patch iCloud to keep the system from storing that deleted content. We should expect Apple will likely soon issue a similar patch to stop iCloud from storing deleted notes indefinitely.

Join our mailing list for the latest security news and deals