ElcomSoft Claims It's Able to Recover Deleted iCloud Notes Well Past Apple's 30-Day Window

Discussion in 'MacRumors.com News Discussion' started by MacRumors, May 19, 2017.

  1. MacRumors macrumors bot


    Apr 12, 2001

    Russian software company ElcomSoft today claimed in a blog post that iCloud notes marked as deleted are being stored on Apple's servers well past the advertised 30-day period they are kept in the "Recently Deleted" folder.


    ElcomSoft said it used an updated version of its Phone Breaker tool, version 6.5, to recover dozens of iCloud notes deleted more than a month ago. ElcomSoft said many of the notes were deleted a few weeks past the 30-day window, but in some cases, it was allegedly able to extract notes deleted "several months ago."

    When a user deletes a note in Apple's Notes app, it's moved to the "Recently Deleted" folder, which explicitly states that "notes are permanently deleted after 30 days." Likewise, a support document on Apple's website says users can view and recover notes for up to 30 days before they're permanently deleted.

    However, ElcomSoft CEO Vladimir Katalov said the oldest note it was able to retrieve was deleted around five years ago:
    In its blog post, ElcomSoft said it was able to extract 334 notes from an iPhone with only 288 notes stored on it, including those in the "Recently Deleted" folder. In other words, ElcomSoft claims it was able to recover 46 notes deleted more than 30 days ago, and that was only one example.


    Nevertheless, ElcomSoft said that its ability to extract iCloud notes deleted more than 30 days ago is "not necessarily" guaranteed. "While some of our test accounts did indeed contain deleted notes going all the way back to 2015, some other accounts contained much less than that," it explained.

    ElcomSoft said its Phone Breaker tool is the only software it knows of that can be used to recover iCloud notes deleted more than 30 days ago. It also said the latest version of its Phone Viewer tool is needed to view them. The tools start at $79 each and appear to be compatible with both Mac and Windows.

    To extract and view deleted notes, ElcomSoft says all someone has to do is launch Phone Breaker version 6.5 or newer, click "Download Synced Data from iCloud," authenticate with an Apple ID and password or a binary authentication token, wait for the download to complete, and open the file in Phone Viewer.

    ElcomSoft's Phone Viewer tool appears to show recovered iCloud notes

    ElcomSoft said "there is no doubt Apple will fix the current issue," but it didn't confirm if it has been in contact with the company. MacRumors has opted not to use the Phone Breaker tool out of an abundance of caution. Apple did not immediately respond to a request for comment today.

    Last year, ElcomSoft generated headlines when it claimed Apple "secretly" syncs Phone and FaceTime call history logs on iCloud, even with backups turned off. In a statement, Apple said it offers call history syncing "as a convenience to our customers so that they can return calls from any of their devices."

    In February, ElcomSoft also found that iCloud was allegedly storing deleted Safari browser history for a long period of time, ranging from several months to over a year. Forbes reported that Apple quietly "started purging older history records" once the news broke, but Apple never officially commented.

    Article Link: ElcomSoft Claims It's Able to Recover Deleted iCloud Notes Well Past Apple's 30-Day Window
  2. LordQ Suspended


    Sep 22, 2012
  3. radioisotope macrumors newbie


    Feb 3, 2017
    The Matrix
    Lets face it people, no data truly gets deleted. If you're really concerned about privacy, dont use any electronic device.
  4. CyberBob859 macrumors 6502


    Jun 13, 2007
  5. Regbial macrumors 6502


    Jul 10, 2010
    I just want a good place to archive all my Notes. The ones that are no longer useful but I still want to keep, but don't want taking up space in iCloud/my devices.

    Evernote is crap because it doesn't keep all of the formatting or photos (I believe?), or the metadata. (the date the note was created)
  6. macsrcool1234 macrumors 65816

    Oct 7, 2010
    sloppy coding. things need to not be 'marked as deleted'
  7. longofest Editor emeritus


    Jul 10, 2003
    Falls Church, VA
    No... it is actually really important to mark things as deleted, because if you don't, then when you have a legitimate reason to recover something, you don't have the ability to do so.

    The problem is whatever system is supposed to then purge after 30 days wasn't working properly, and apparently that hasn't been a priority for Apple.
  8. jmh600cbr macrumors 6502a


    Feb 14, 2012
    click the link, read the functions. this does photos
  9. LordQ Suspended


    Sep 22, 2012
    thx fam
  10. macTW Suspended

    Oct 17, 2016
    At least they require Apple ID verification for use.
  11. Alrescha macrumors 68020

    Jan 1, 2008
    Elcomsoft is desperately trying to make a feature look like a flaw.

    I suggest that Apple's intent is to let customers know that they have a *minimum* of thirty days to change their mind about deleting a note. To turn this around and try to claim that it is a guarantee that deleted notes will be purged at the thirty-day mark is a stretch.

    It is perfectly reasonable to interpret "after thirty days" as "no sooner than thirty days".

  12. iapplelove macrumors 601


    Nov 22, 2011
    East Coast USA
    I didn't even know there was a place that stored deleted notes for 30 days. Where?
  13. KALLT macrumors 601

    Sep 23, 2008
    No, this is why you don’t entrust cloud services with your data. Deleting such data is in most cases an afterthought for these developers. It is far easier to just flip a switch and hide the content from the user interface than to actually purge data from a database. Even if there is no malicious intent, there are several technical reasons why this doesn’t happen.

    iCloud in particular is a massive blackbox with tons of irregularities and disappointments like this one. I don’t touch it anymore.
  14. ApfelKuchen macrumors 68030

    Aug 28, 2012
    Between the coasts
    "Recently Deleted" exists because ordinary human beings are far more likely to accidentally delete something they later realize they needed than to have to delete something so others can't access the info. So, if "After 30 days" isn't exactly 30 days, there will be some people delighted that Apple didn't delete them after all.

    For those who do need to positively delete their data, they can go into "Recently Deleted" and trash them a second time. This is true whether it's a privacy issue, or whether there's a need to free-up storage space.
  15. robeddie Suspended


    Jul 21, 2003
    Does everyone interested in privacy now realize they just need to buy a bigass hard drive and skip all this cloud crap?
  16. H2SO4 macrumors 601

    Nov 4, 2008
    Balderdash. I’m going to suggest just like you did that the vast majority of people would expect that after 30 days that the data is gone for good.
  17. pika2000 macrumors 601

    Jun 22, 2007
    Russian vs democrats: Russian evil!
    Russian vs Apple: Apple sucks!
  18. manu chao macrumors 603

    Jul 30, 2003
    Those two options are hardly related since (with a few exceptions) everything in the cloud is also stored on your local hard drive. Switching off cloud services doesn't require getting a new, big hard drive. You already have that hard drive, almost everything is first generated locally (which could also be a phone or tablet) before it uploaded to the cloud.
  19. robeddie Suspended


    Jul 21, 2003
    Whatever, my point is, if you want privacy, all you gotta do is (to paraphrase the rolling stones) get off of that cloud.
  20. ywshang macrumors member

    Jan 25, 2007
    Come on. In today's OS terminology, "permanently deleted" only means the file is marked as disposable and MAY be destroyed if space is needed. It's is called "permanently deleted" only because theoretically speaking there is no guaranteed-to-work method to recover them. Given that the hard disks are getting so cheap these days, most likely none of those cloud servers of any company has ever deleted a single byte at all.
  21. thisisnotmyname macrumors 68000


    Oct 22, 2014
    known but velocity indeterminate
    Just let me assign my own encryption key for ALL iCloud data Apple. I'll take the risk that losing it means my data is lost forever.
  22. simonmet, May 19, 2017
    Last edited: May 24, 2017

    simonmet macrumors 68000


    Sep 9, 2012
    There does seem to be a bit of a pattern here.

    I've posted previously about the way Apple retains contact information for the purposes of its recent contacts list even after deleting any record of the contact from Address Book or Mail (for example) and there's no way to permanently clear the list. You can only temporarily hide the previous recipients but they keep coming back.

    At best this is an annoyance because I have recipients in the list I haven't contacted for many years and have no intention of ever contacting again cluttering the list. They are hardly "recent". Apple, why do I have recipients I haven't contacted for 5 years in the list that keep coming back?

    At worst this is a privacy concern. Any permanent tracking/storing of user information and personal details without the ability to change or delete them bothers me. I get why the recent contacts in Messages and Mail exists but the implementation is flawed. They should let the user permanently delete individual recipients, clear the list entirely or at least bring their definition of "recent" from meaning "forever" to "previous 3 months" or something.

    I support this company investigating digital privacy. Not everyone is concerned but many are and I think everyone deserves to at least be informed. That their findings appear to have led to some changes is a good thing.
  23. Michaelgtrusa macrumors 604

    Oct 13, 2008
  24. Macaholic868 macrumors 6502


    Feb 2, 2017
    A wise man once told me if you don't want somebody to read it don't write it down. That's especially true in the digital age. I assume anything on my phone and computer is being viewed by somebody. If I have something important to communicate that I want kept secret it's through a face to face conversation.
  25. simonmet macrumors 68000


    Sep 9, 2012
    That's all well and good but the point is Apple and (particularly) others aren't necessarily or always up front and transparent about the realities of data storage and what they do and don't store.

Share This Page