Encryption and sync

    September 24, 2018 at 10:31 PM #30756

    Drew Allen
    Participant

    I have Tap Forms on my Mac and iPhone. On my Mac, I turned on encryption in one of the documents. When I went back to my iPhone, my data still synced without prompting me for a password. This leads me to believe that the document wasn’t uploaded to iCloud in an encrypted state. There’s no other way I’d be able to see that data. If this is the case (data not being uploaded encrypted), then what would be the use of encryption?

    I only found one other topic on this from years ago, but it still doesn’t make complete sense. https://www.tapforms.com/forums/topic/encryption-maintained-during-icloud-sync/

    Any help on clarifying this would be much appreciated.

    Thanks

    September 25, 2018 at 12:25 AM #30757

    Brendan
    Keymaster

    Hi Drew,

    When Tap Forms establishes a connection with Apple’s CloudKit servers for syncing, that connection is encrypted. The data stored on Apple’s CloudKit servers is encrypted according to Apple’s iCloud security page here: https://support.apple.com/en-ca/HT202303

    CloudKit is the underlying infrastructure that’s used by iCloud Drive. So in the above page Apple doesn’t mention CloudKit, but they do mention iCloud Drive. So according to Apple, the data is encrypted in transit and while sitting on the server.

    When Tap Forms reads the data from disk, it’s reading an encrypted disk, but it decrypts the data as it loads it into memory. It’s this data that’s synced to iCloud.

    When you sync to another device, the data is read from Apple’s CloudKit servers using your own iCloud credentials. That data is then transmitted to Tap Forms on your other device over a secure, encrypted SSL connection.

    When the data is then stored in the Tap Forms database, whether it is encrypted or not depends on whether the document you are syncing has its encryption enabled or not. So in order to have everything fully encrypted, you’ll need to just make sure you’ve enabled encryption for that document on all your devices.

    Yes, that means that if someone were to get a hold of your iCloud username and password, they would be able to get access to the Tap Forms database documents in an unencrypted state. But that goes the same for your iCloud Drive files, your Mail account, your Calendar, Notes, and Reminders, etc. Basically anything in iCloud.

    The encryption that Tap Forms provides is “on-device encryption”, which is determined by you if you have the encryption enabled or not for the documents you’ve created.

    Hope that makes sense.

    Thanks,

    Brendan

    September 25, 2018 at 7:47 PM #30759

    Drew Allen
    Participant

    Hi Brendan,

    Thanks for the detailed answer. This explains it very well. I was under the impression that the database was sync’d with iCloud in an encrypted state (essentially making it end-to-end encrypted). As you said, this would leave it open to anyone with your Apple account credentials reading the data. Apple could also read it if they wanted to.

    Do you anticipate ever making this end-to-end encrypted?

    September 26, 2018 at 1:01 AM #30760

    Brendan
    Keymaster

    Hi Drew,

    It’s certainly doable, but it presents problems if you decide to change your encryption key on one device, but not on all the devices. Because each device can have its own key, if one device has key 1 and then syncs, and device 2 has key 2 and syncs, now you could have a situation where you’ve got data in iCloud that has 2 different keys. It would be impossible for the devices to decrypt the data generated from the other devices.

    So that’s one problem at least. I’m sure there may be others.

    Thanks,

    Brendan

    September 26, 2018 at 8:38 PM #30787

    Drew Allen
    Participant

    I was thinking more along the lines of something like 1Password. There’s an encrypted vault that syncs, and regardless of wherever it is, it requires the same password to unlock. If the password to the vault is changed on one device, the new password would need to be entered to get into it on another device (after it syncs). I know this is a much different app than Tap Forms, but just communicating the concept of a “portable” database that has its own encryption key.

    So, this is my vote for that type of feature (essentially end-to-end encryption). Thanks for being so responsive with your communication. Tap Forms is an extremely useful app, and it’s awesome that you are so dedicated to maintaining and improving it.
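
The "portable" vault idea from the last post, which also avoids the two-keys-in-iCloud problem raised earlier, as an added example that is not part of any post and is not Tap Forms or 1Password code: a random data key encrypts the records, and only that key is wrapped under a password-derived key, so a password change re-wraps one small header instead of re-encrypting synced data. All function names and the blob layout are hypothetical; the only dependency assumed is Node.js's built-in crypto module (scrypt and AES-256-GCM).

```javascript
// Added illustration; function names and blob layout are hypothetical.
const { scryptSync, randomBytes, createCipheriv, createDecipheriv } = require('node:crypto');

// AES-256-GCM seal/open. Blob layout: nonce (12) || auth tag (16) || ciphertext.
function seal(key, plaintext) {
  const nonce = randomBytes(12);
  const c = createCipheriv('aes-256-gcm', key, nonce);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([nonce, c.getAuthTag(), ct]);
}
function open(key, blob) {
  const d = createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  // final() throws if the key is wrong or the blob was modified.
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]);
}

// Password -> key-encryption key (scrypt with Node's default cost parameters).
const kek = (password, salt) => scryptSync(password, salt, 32);

// The synced header holds the data key wrapped under the password-derived key.
function wrapDataKey(password, dataKey) {
  const salt = randomBytes(16);
  return { salt, wrapped: seal(kek(password, salt), dataKey) };
}
function unlock(password, header) {
  return open(kek(password, header.salt), header.wrapped);
}
function createVault(password) {
  return { header: wrapDataKey(password, randomBytes(32)), records: [] };
}
function addRecord(vault, password, text) {
  vault.records.push(seal(unlock(password, vault.header), Buffer.from(text, 'utf8')));
}
function readRecords(vault, password) {
  const dataKey = unlock(password, vault.header);
  return vault.records.map((r) => open(dataKey, r).toString('utf8'));
}
// A password change re-wraps the data key only; stored records are untouched.
function changePassword(vault, oldPassword, newPassword) {
  vault.header = wrapDataKey(newPassword, unlock(oldPassword, vault.header));
}

// Constructed demo: one device changes the password, another reads after sync.
const vault = createVault('old passphrase');
addRecord(vault, 'old passphrase', 'constructed sample record');
changePassword(vault, 'old passphrase', 'new passphrase');
console.log(readRecords(vault, 'new passphrase'));
```

Everything a sync server would store here (header and records) is ciphertext, so account credentials alone are not enough to read it; the cost is that a forgotten password makes the data unrecoverable.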
