Russian software company ElcomSoft is digging into Apple’s software again, and this time it reveals new info about iPhone’s famous Notes app. Apparently, Apple is retaining deleted notes in iCloud, even after the 30-day grace period.
Apple’s note-taking app allows for iCloud syncing, allowing users to access their notes on any Apple device using the Apple ID and password. If you delete a note in the app, the note is stored in the ‘Recently Deleted’ folder on iCloud.com for 30 days. After the grace period is over, Apple is supposed to destroy the note forever, from iCloud as well. However, ElcomSoft claims to have found that Apple is retaining these deleted notes in iCloud, even though they don’t appear in the ‘Recently Deleted’ folder. Elcomsoft used its Phone Breaker 6.50 software to demo the extraction of deleted notes from the iCloud server.
It says that not all notes were recovered from every account, however for some accounts; they were able to extract notes dated back till 2015. In others, they were able to access two week worth of notes (after the grace period), and the firm says it needs a larger data base to form concrete conclusions as to why this is the case.
“We discovered that Apple apparently retains in the cloud copies of the users’ notes that were deleted by the user. Granted, deleted notes can be accessed on iCloud.com for some 30 days through the ‘Recently Deleted’ folder; this is not it. We discovered that deleted notes are actually left in the cloud way past the 30-day period, even if they no longer appear in the ‘Recently Deleted’ folder,” the firm explains in its blog.
If history is any testimony, Apple will rectify this bug as soon as possible, however it hasn’t acknowledged it till now.
Apple retaining information in the iCloud servers in so many instances does raise a red flag over the company’s intention with the company. ElconSoft also suggests that Apple may not be actually destroying deleted records but is simply hiding them or moving to a different server. Why that is? Your guess is as good as ours.
ElcomSoft has found previous iCloud flaws in the past. Last year, then company reported Apple had ended up weakening the password security of iOS 10 backups, compared to iOS 9. Apple admitted the flaw, and issued a fix. The company also claimed Apple was storing call logs on iCloud servers without an easy opt-out method. In the past, ElcomSoft had also unveiled a bug about deleted photos being kept in iCloud Photo Library for years, and Apple was prompt to making those images disappear. In another instance, the firm discovered that Safari browsing history records were never deleted from the cloud and Apple patched that as well.