greattrika

macrumors member
Original poster
Dec 21, 2017
Hello users,

I have found a possible privacy problem:

https://www.reddit.com/r/ios/comments/853aj1/1password_ios_does_not_completely_delete_the/
Hello, I have experienced this.
If you delete the logins in the iOS version, they are actually only moved to the trash. In the iOS version you can't see the trash (the function is missing), but the logins stay in the trash forever, which means they automatically stay in the vault file.
You can only see this data if you use the Mac version, because there you have the trash function.
I personally find it very questionable in terms of privacy. What if someone has successfully hacked my vault file? Or someone sees me using 1Password iOS on the iPhone, steals my iPhone immediately and activates Wi-Fi sync for the Mac version?
Note: I am very sure many users cannot fix this problem, because I have iOS devices only. Not a Mac or PC! In this case an iPad Pro 10.5 and an iPhone X.


Here another user discusses this with a 1Password member:
https://discussions.agilebits.com/discussion/comment/417440

I can reproduce the problem the users mean. If you delete logins etc., they are not really deleted
but are in the trash, which is not visible in the iOS version, only in the desktop version.

Here is an easy tutorial showing how you can see this:
1. Create a login under 1Password iOS.
2. Delete the login.
3. Sync this vault from 1Password iOS with the 1Password macOS or OS X e.g. via Dropbox, iCloud Drive or Wifi Sync.
4. You can see in the 1Password macOS/OS X the login is not deleted. The login is in the trash.


What do you say?
 
I say if someone successfully hacks your Vault file or steals your iPhone (and gains access to it) you have bigger problems than deleted logins in the trash bin of 1Password

This.

If the passcode on your device is so weak in addition to a weak passcode for your password file, you've got bigger problems and it is all on you.

E.g. my phone has an alphanumeric, mixed case, special characters 12 character passcode. My password file (mSecure) is a char 24 in length and set up to make a dictionary crack difficult.

Too lazy to dig into 1Password sync mechanism now, but if like mSecure, I am syncing via Dropbox, which is encrypted at rest, password is random 25 char mixed, special, digits. Two-factor authentication on. Password file is encrypted locally with 256 bit AES before sending. In other words, lots of encryption/security to get through. If you have weak passcodes, you get what you deserve.
 
Use a strong Master password to protect your logins.
I can't see a problem here. Passwords in trash are outdated as well and not in use anymore.
 
I can reproduce the problem the users mean. If you delete logins etc., they are not really deleted
but are in the trash, which is not visible in the iOS version, only in the desktop version.

...

What do you say?

I agree with you. If the app leads the user to believe they are or have deleted their data, but in fact they have not, that's not cool. Good find!

AppleMatt
 
I agree with you. If the app leads the user to believe they are or have deleted their data, but in fact they have not, that's not cool. Good find!

AppleMatt
It seems to me that this is much ado about nothing.

Quoting Brent, AgileBits Team Member, in the discussion referenced by OP:

"What "cracked vault"? All of this data is encrypted in 1Password, whether or not it's in the vault, in the Trash, or the fully deleted data is on disk because you haven't secure erased the whole thing, and the only way anyone can do anything with it is if you give them your Master Password, or use one that is easily guessable."

So, if I understand correctly, 1Password data deleted from a vault goes to the 1Password trash can, which you can't see on the iOS version. But, it is still encrypted the same as when it was in the vault. So, it is as secure as all the data you originally entrusted to 1Password in the first place.

If I am correct, I don't really see the issue. And, if I am wrong I am sure I will learn that soon! :)
 
I think the OP was reading Reddit and came across the story, or the OP is the author of the posts on 1Password and Reddit, didn't like the answers, and wanted to continue on with the supposed problem in another venue. Either way, it is a non-issue.

And as Paul Harvey used to say, "Now you know the rest of the story."
 
The data on iOS is not accessible. As long as your master password is secure, there isn’t a problem.

I say if someone successfully hacks your Vault file or steals your iPhone (and gains access to it) you have bigger problems than deleted logins in the trash bin of 1Password

Use a strong Master password to protect your logins.
I can't see a problem here. Passwords in trash are outdated as well and not in use anymore.

It seems to me that this is much ado about nothing.

Quoting Brent, AgileBits Team Member, in the discussion referenced by OP:

"What "cracked vault"? All of this data is encrypted in 1Password, whether or not it's in the vault, in the Trash, or the fully deleted data is on disk because you haven't secure erased the whole thing, and the only way anyone can do anything with it is if you give them your Master Password, or use one that is easily guessable."

So, if I understand correctly, 1Password data deleted from a vault goes to the 1Password trash can, which you can't see on the iOS version. But, it is still encrypted the same as when it was in the vault. So, it is as secure as all the data you originally entrusted to 1Password in the first place.

If I am correct, I don't really see the issue. And, if I am wrong I am sure I will learn that soon! :)


Why has the Mac version a trash, but the iOS not?

This isn't about encryption/cracked vault! It's about proper deletion.

Tell me why the 1Password iOS version says delete, but the Mac version says move to trash?

In the Mac version it is explained correctly. But in the iOS version the function has the wrong name: delete != move to the trash (it always remains in the trash). If it says delete, then it must be deleted. Everything else is confusion.

I don't like it either. Anyone who knows now can work it out.

Imagine you have deleted hundreds of logins, notes etc. in the last years, but then you are forced to give out your password, otherwise you will kill your family.

Then they do it, and the bad people transfer the vault file (e.g. via 1Password Wi-Fi sync) to the 1Password Mac version. And then you see in the trash the old logins that were never deleted. You could create a complete profile of this person if you find old documents, diaries, logins from old forum pages and so much more...
 
Tell me why the 1Password iOS version says delete, but the Mac version says move to trash?

In the Mac version it is explained correctly. But in the iOS version the function has the wrong name: delete != move to the trash (it always remains in the trash). If it says delete, then it must be deleted.

The developer says that's just the way it's been made. They might change it in the future but it's not high priority. The OP was concerned about privacy. This UI "confusion" in no way exposes private information, so there is no security risk.

Imagine you have deleted hundreds of logins, notes etc. in the last years, but then you are forced to give out your password, otherwise you will kill your family

LOL! You've got to think bigger! Imagine Dr. Evil threatens a nuclear attack on millions of people unless you hand over your master password...
 
I agree with the OP and worldwideri.

While the data stays in your account encrypted and protected by the master password, there are few privacy issues here. What if I want to show or check out some login or data in 1Password with family (parents, brothers/sisters, wife/husband etc.) and they see that old data (don't forget that 1Password is not only about logins; there are secure notes as well)? After all, when you press the "Delete" button you expect the data to be deleted, not transferred to a hidden folder that can be accessed on the computer.

I saw a reply from one of their guys saying something like "Yea it's bugged but it's very complex to fix, we will sort it out later". In my point of view it's unacceptable for that kind of app to have bugged the delete function. From the point of view that it's an app that millions use, Apple named it app of the year or editors' choice, and from the point of view that this function is one of the basics in this kind of app (add/edit/move/delete). Not to mention the high price they charge you monthly if you subscribe.
 
LOL! You've got to think bigger! Imagine Dr. Evil threatens a nuclear attack on millions of people unless you hand over your master password...

...Or... ONE MILLION DOLLARS!

Imagine you have deleted hundreds of logins, notes etc. in the last years, but then you are forced to give out your password, otherwise you will kill your family.

I know a guy that has a very particular set of skills, I'll give him a ring if this should materialize.
 
I've used 1Password for years
I just checked and I have 86 deletions in my Trash on my Mac
And I left them there, wasn't even bothered enough to empty the trash
I'm seriously not worried about anyone trying to access my deleted files, nor am I concerned someone will threaten my family to get in my 1Password trash
 
I've used 1Password for years
I just checked and I have 86 deletions in my Trash on my Mac
And I left them there, wasn't even bothered enough to empty the trash
I'm seriously not worried about anyone trying to access my deleted files, nor am I concerned someone will threaten my family to get in my 1Password trash
If you are a 1Password subscriber, any deleted items are available for 365 days. Just throwing that out, for those that don't know.
 
So, if I understand correctly, 1Password data deleted from a vault goes to the 1Password trash can, which you can't see on the iOS version. But, it is still encrypted the same as when it was in the vault. So, it is as secure as all the data you originally entrusted to 1Password in the first place.

If I am correct, I don't really see the issue. And, if I am wrong I am sure I will learn that soon! :)

You are correct. There is no issue here.

Yes, I agree that there's no material security issue (or that I can think of). My point really is that a user should be able to delete their data - both in and of itself as a concept, but more so when the app leads them to believe they have deleted that data. Because it's their data to do with as they please.

AppleMatt
 
I agree with the OP and worldwideri.

While the data stays in your account encrypted and protected by the master password, there are few privacy issues here. What if I want to show or check out some login or data in 1Password with family (parents, brothers/sisters, wife/husband etc.) and they see that old data (don't forget that 1Password is not only about logins; there are secure notes as well)? After all, when you press the "Delete" button you expect the data to be deleted, not transferred to a hidden folder that can be accessed on the computer.

I saw a reply from one of their guys saying something like "Yea it's bugged but it's very complex to fix, we will sort it out later". In my point of view it's unacceptable for that kind of app to have bugged the delete function. From the point of view that it's an app that millions use, Apple named it app of the year or editors' choice, and from the point of view that this function is one of the basics in this kind of app (add/edit/move/delete). Not to mention the high price they charge you monthly if you subscribe.
Absolutely correct.

We can now monitor our unsuspecting families and children.
The children use the 1Password iOS version and synchronize it via iCloud Drive or Dropbox, and the parents make on the Mac version.

So you can watch our children, and everything they want to delete or hide ends up in the trash. The good thing is, the children think it would be deleted, because in the 1Password iOS version the word "delete" is written, although in truth it is only moved into a hidden folder (trash).

This is absolutely misleading and in this case a privacy problem for the children.
 
It's still encrypted and not reachable for anyone else than the one who made the password?

Do I miss something here?
 
We can now monitor our unsuspecting families and children.

Ok, this is totally off the rails.

For this to be a thing, everyone needs to start off sharing the same password file, where EVERYONE can see what passwords are in there to begin with. And now we are supposed to be concerned about someone seeing the deleted password from the file that EVERYONE could see all the passwords from the beginning?!

And if parents are making their children save to a password file the parents can view, GREAT! The parents' house, their rules. And they are checking up on their kids to make sure they are not getting into anything nefarious. Once the kids are of legal age and move out on their own, then they can have their own password file with their own master key.

Do I miss something here?

Not missing anything. As MacDawg said, "the paranoia is strong in this thread".
 
How is this a privacy issue? You’re the only one who has access to the vault. It’s not like AgileBits can see deleted files.
 