Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

MacRumors

macrumors bot
Original poster
Apr 12, 2001
66,316
35,363


Russian software company ElcomSoft today claimed in a blog post that iCloud notes marked as deleted are being stored on Apple's servers well past the advertised 30-day period they are kept in the "Recently Deleted" folder.

apple-notes-800x310.jpg

ElcomSoft said it used an updated version of its Phone Breaker tool, version 6.5, to recover dozens of iCloud notes deleted more than a month ago. ElcomSoft said many of the notes were deleted a few weeks past the 30-day window, but in some cases, it was allegedly able to extract notes deleted "several months ago."

When a user deletes a note in Apple's Notes app, it's moved to the "Recently Deleted" folder, which explicitly states that "notes are permanently deleted after 30 days." Likewise, a support document on Apple's website says users can view and recover notes for up to 30 days before they're permanently deleted.

However, ElcomSoft CEO Vladimir Katalov said the oldest note it was able to retrieve was deleted around five years ago:
"We did it again," says Vladimir Katalov, ElcomSoft CEO. "After recovering deleted photos and Safari browsing history from iCloud, we now add the ability to recover deleted notes from the same source regardless of how much time has passed after the deletion. The oldest record we've been able to pull was deleted back in 2012."
In its blog post, ElcomSoft said it was able to extract 334 notes from an iPhone with only 288 notes stored on it, including those in the "Recently Deleted" folder. In other words, ElcomSoft claims it was able to recover 46 notes deleted more than 30 days ago, and that was only one example.

ElcomSoft-notes.jpg

Nevertheless, ElcomSoft said that its ability to extract iCloud notes deleted more than 30 days ago is "not necessarily" guaranteed. "While some of our test accounts did indeed contain deleted notes going all the way back to 2015, some other accounts contained much less than that," it explained.

ElcomSoft said its Phone Breaker tool is the only software it knows of that can be used to recover iCloud notes deleted more than 30 days ago. It also said the latest version of its Phone Viewer tool is needed to view them. The tools start at $79 each and appear to be compatible with both Mac and Windows.

To extract and view deleted notes, ElcomSoft says all someone has to do is launch Phone Breaker version 6.5 or newer, click "Download Synced Data from iCloud," authenticate with an Apple ID and password or a binary authentication token, wait for the download to complete, and open the file in Phone Viewer.

ElcomSoft-Phone-Viewer-Notes.jpg
ElcomSoft's Phone Viewer tool appears to show recovered iCloud notes

ElcomSoft said "there is no doubt Apple will fix the current issue," but it didn't confirm if it has been in contact with the company. MacRumors has opted not to use the Phone Breaker tool out of an abundance of caution. Apple did not immediately respond to a request for comment today.

Last year, ElcomSoft generated headlines when it claimed Apple "secretly" syncs Phone and FaceTime call history logs on iCloud, even with backups turned off. In a statement, Apple said it offers call history syncing "as a convenience to our customers so that they can return calls from any of their devices."

In February, ElcomSoft also found that iCloud was allegedly storing deleted Safari browser history for a long period of time, ranging from several months to over a year. Forbes reported that Apple quietly "started purging older history records" once the news broke, but Apple never officially commented.

Article Link: ElcomSoft Claims It's Able to Recover Deleted iCloud Notes Well Past Apple's 30-Day Window
 
Last edited:
I just want a good place to archive all my Notes. The ones that are no longer useful but I still want to keep, but don't want taking up space in iCloud/my devices.

Evernote is crap because it doesn't keep all of the formatting or photos (I believe?), or the metadata. (the date the note was created)
 
sloppy coding. things need to not be 'marked as deleted'

No... it is actually really important to mark things as deleted, because if you don't, then when you have a legitimate reason to recover something, you don't have the ability to do so.

The problem is whatever system is supposed to then purge after 30 days wasn't working properly, and apparently that hasn't been a priority for Apple.
 
Elcomsoft is desperately trying to make a feature look like a flaw.

I suggest that Apple's intent is to let customers know that they have a *minimum* of thirty days to change their mind about deleting a note. To turn this around and try to claim that it is a guarantee that deleted notes will be purged at the thirty-day mark is a stretch.

It is perfectly reasonable to interpret "after thirty days" as "no sooner than thirty days".

A.
 
Lets face it people, no data truly gets deleted. If you're really concerned about privacy, dont use any electronic device.

No, this is why you don’t entrust cloud services with your data. Deleting such data is in most cases an afterthought for these developers. It is far easier to just flip a switch and hide the content from the user interface than to actually purge data from a database. Even if there is no malicious intent, there are several technical reasons why this doesn’t happen.

iCloud in particular is a massive blackbox with tons of irregularities and disappointments like this one. I don’t touch it anymore.
 
"Recently Deleted" exists because ordinary human beings are far more likely to accidentally delete something they later realize they needed than to have to delete something so others can't access the info. So, if "After 30 days" isn't exactly 30 days, there will be some people delighted that Apple didn't delete them after all.

For those who do need to positively delete their data, they can go into "Recently Deleted" and trash them a second time. This is true whether it's a privacy issue, or whether there's a need to free-up storage space.
 
  • Like
Reactions: AbblePC
Elcomsoft is desperately trying to make a feature look like a flaw.

I suggest that Apple's intent is to let customers know that they have a *minimum* of thirty days to change their mind about deleting a note. To turn this around and try to claim that it is a guarantee that deleted notes will be purged at the thirty-day mark is a stretch.

It is perfectly reasonable to interpret "after thirty days" as "no sooner than thirty days".

A.
Balderdash. I’m going to suggest just like you did that the vast majority of people would expect that after 30 days that the data is gone for good.
 
Does everyone interested in privacy now realize they just need to buy a bigass hard drive and skip all this cloud crap?
Those two options are hardly related since (with a few exceptions) everything in the cloud is also stored on your local hard drive. Switching off cloud services doesn't require getting a new, big hard drive. You already have that hard drive, almost everything is first generated locally (which could also be a phone or tablet) before it uploaded to the cloud.
 
Those two options are hardly related since (with a few exceptions) everything in the cloud is also stored on your local hard drive. Switching off cloud services doesn't require getting a new, big hard drive. You already have that hard drive, almost everything is first generated locally (which could also be a phone or tablet) before it uploaded to the cloud.

Whatever, my point is, if you want privacy, all you gotta do is (to paraphrase the rolling stones) get off of that cloud.
 
Come on. In today's OS terminology, "permanently deleted" only means the file is marked as disposable and MAY be destroyed if space is needed. It's is called "permanently deleted" only because theoretically speaking there is no guaranteed-to-work method to recover them. Given that the hard disks are getting so cheap these days, most likely none of those cloud servers of any company has ever deleted a single byte at all.
 
There does seem to be a bit of a pattern here.

I've posted previously about the way Apple retains contact information for the purposes of its recent contacts list even after deleting any record of the contact from Address Book or Mail (for example) and there's no way to permanently clear the list. You can only temporarily hide the previous recipients but they keep coming back.

At best this is an annoyance because I have recipients in the list I haven't contacted for many years and have no intention of ever contacting again cluttering the list. They are hardly "recent". Apple, why do I have recipients I haven't contacted for 5 years in the list that keep coming back?

At worst this is a privacy concern. Any permanent tracking/storing of user information and personal details without the ability to change or delete them bothers me. I get why the recent contacts in Messages and Mail exists but the implementation is flawed. They should let the user permanently delete individual recipients, clear the list entirely or at least bring their definition of "recent" from meaning "forever" to "previous 3 months" or something.

I support this company investigating digital privacy. Not everyone is concerned but many are and I think everyone deserves to at least be informed. That their findings appear to have led to some changes is a good thing.
 
Last edited:
A wise man once told me if you don't want somebody to read it don't write it down. That's especially true in the digital age. I assume anything on my phone and computer is being viewed by somebody. If I have something important to communicate that I want kept secret it's through a face to face conversation.
 
A wise man once told me if you don't want somebody to read it don't write it down. That's especially true in the digital age. I assume anything on my phone and computer is being viewed by somebody. If I have something important to communicate that I want kept secret it's through a face to face conversation.

That's all well and good but the point is Apple and (particularly) others aren't necessarily or always up front and transparent about the realities of data storage and what they do and don't store.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.