iPad Pro iPad Pro and external encrypted SSD

[dangeng]

Hi guys,

is it really true, that this so called iPad Pro ‘Laptop‘ with the Pro in its name and a price point of
almost 1000€ can not read encrypted SSD?

Is now everybody running around with non encrypted external harddrives?

Am I missing something?

Cheers Dan

 

[Shirasaki]

Yes, iPadOS 13 doesn’t support encrypted SSD.

And no, encrypting hard drive itself is not very popular.

 

[secretk]

Yes, iPadOS 13 doesn’t support encrypted SSD.

And no, encrypting hard drive itself is not very popular.

Yep, same here. I mean encrypting the storage on your device - yes that is popular. Encrypting external device not so much because I am not sure that you want to keep sensitive data in external storage device you know. At least I would not. I can lose external drive way easier than the device itself.

 

[sparksd]

Agree with the others - no sensitive data on an external drive I'm taking out and about.

 

[BigMcGuire]

I think that most people today put their data in the cloud. Anyone dealing with super important "encrypted" data isn't going to be using an iPad to deal with it.

OneDrive/iCloud/Dropbox all have their own "encryption" that is fairly robust. Use a VPN when on public WiFi and your data is acceptably "encrypted" for most people. All others will use Mac OS, Windows, Linux.

Even for me, in this day and age, if my data is so important that it has to be encrypted, I'm not storing it on an external drive that could be lost, destroyed, crashed - it's going to be in the cloud.

Agree with sparksd here. I've had way too many external drives fail for me to ever trust them with data.

 

[richpjr]

A lot of companies (including mine) have strict policies about only allowing flash drives or external drives to be used if they are encrypted, so that could come into play if you need to use it for work.

 

[secretk]

A lot of companies (including mine) have strict policies about only allowing flash drives or external drives to be used if they are encrypted, so that could come into play if you need to use it for work.

Good point! In my company we are not allowed to use external drives. For two reasons - first we are not supposed to store company data on our own drives and we have 1 TB OneDrive storage after all. And second reason - viruses can enter external drives easily enough.

 

[sparksd]

Good point! In my company we are not allowed to use external drives. For two reasons - first we are not supposed to store company data on our own drives and we have 1 TB OneDrive storage after all. And second reason - viruses can enter external drives easily enough.

I'm retired now but we had strict prohibitions against using personal equipment for work. I remember an incident where someone had accidentally put a classified value in a work email in an unclassified environment. Some of the recipients had been logging in on personal devices at home and reading their email - they were visited at home by "authorities" and had their equipment confiscated, wiped, and returned to them.

 

[secretk]

I'm retired now but we had strict prohibitions against using personal equipment for work. I remember an incident where someone had accidentally put a classified value in a work email in an unclassified environment. Some of the recipients had been logging in on personal devices at home and reading their email - they were visited at home by "authorities" and had their equipment confiscated, wiped, and returned to them.

Luckily for us it is not that strict. I mean I can access my work email from home. That being said we do have policies put in place - software on our company laptops as well MDM app on our company iPhones. And yes we do should not store company files on personal devices or personal cloud storage. I would not say that someone has been visitted but the company does rely on software you will to monitor what you are doing. You know what I mean .

 

[marty1980]

I don’t know if any such apps exist, but theoretically an app could use encryption for files on the external SSD. So the drive itself wouldn’t be locked down, but the files on it would be.

I don’t think the ability to use encrypted, external storage should make or break the iPad as a computer replacement paradigm. That is a niche need and using an app like I described above could be a solution for that niche audience.

The iPad obviously isn’t suited for all computer needs. It’s slowly moving in that direction, but it won’t replace a computer for everyone.

 

[AutomaticApple]

Is now everybody running around with non encrypted external harddrives?

Yes, and it has been like that for a long time.

 

[riverfreak]

I have to agree with the OP. Encryption should be the de facto standard for data at rest regardless of which medium it resides, especially for a company heavily playing the privacy card.

This has nothing to do with one’s personal risk calculation. It’s a general principle that should be addressed and at the bare minimum provided as an option.
[automerge]1590727992[/automerge]

I don’t know if any such apps exist, but theoretically an app could use encryption for files on the external SSD. So the drive itself wouldn’t be locked down, but the files on it would be.

I don’t think the ability to use encrypted, external storage should make or break the iPad as a computer replacement paradigm. That is a niche need and using an app like I described above could be a solution for that niche audience.

The iPad obviously isn’t suited for all computer needs. It’s slowly moving in that direction, but it won’t replace a computer for everyone.

Sensible argument — I think you are arguing that apps could handle encryption of their own storage needs. Certainly plausible although far from ideal.

Regardless of whether a drive is encrypted or it contains encrypted bundles, this should be handled at the OS level and iPadOS should be able to deal with both. This isn’t a niche use case by any means.

 

[cupcakes2000]

I have only ever encrypted full drives if they’re used for full computer backup, time machine etc, which would have no relevance on the iPad.

Otherwise I use Cryptomator for encrypted folders which can be put anywhere and be easily read by anything with the open source Cryptomator app installed.

I have always done it this way with one app or another from even before the iPad existed.

I never knew iPados couldn’t handle an encrypted drive. It’s a bit of a shame, but I use encryption for nearly everything and didn’t know until this thread, so I suppose it’s easily dealt with.

 

[dangeng]

I have to agree with the OP. Encryption should be the de facto standard for data at rest regardless of which medium it resides, especially for a company heavily playing the privacy card.

Thanks everybody for your answers. Much appreciated.

I see it exactly as riverfreak. It’s supposedly a ‘pro‘ device (whatever that means) and this device costs a ******** of money coming from a company that is talking and advertising privacy very much.

I don’t even wanna carry highly sensitive data around. But I have around 2TB of pictures on a SSD that I’d like to go through to delete some and edit.
Now I have this actually beautiful expensive device that would be perfect to go through those pictures (btw. before uploading to the cloud, because I don’t need all of them in the cloud). Those pictures are of friends and lots of them are from weddings, hence carrying those pictures around unencrypted would be just stupid.

Anyway, I obviously have to find another way, or better yet return the iPad ‘pro‘ and just use my MacBook.

But still, I am very disappointed of Apple. Because I didn’t even use some random encryption but there one APFS standard...

Cheers
Daniel

 

[sparksd]

Thanks everybody for your answers. Much appreciated.

I see it exactly as riverfreak. It’s supposedly a ‘pro‘ device (whatever that means) and this device costs a ******** of money coming from a company that is talking and advertising privacy very much.

I don’t even wanna carry highly sensitive data around. But I have around 2TB of pictures on a SSD that I’d like to go through to delete some and edit.
Now I have this actually beautiful expensive device that would be perfect to go through those pictures (btw. before uploading to the cloud, because I don’t need all of them in the cloud). Those pictures are of friends and lots of them are from weddings, hence carrying those pictures around unencrypted would be just stupid.

Anyway, I obviously have to find another way, or better yet return the iPad ‘pro‘ and just use my MacBook.

But still, I am very disappointed of Apple. Because I didn’t even use some random encryption but there one APFS standard...

Cheers
Daniel

They may well be working on it - Files is an immature product at this point. Because of file corruption on external storage formatted as exFAT (I documented in separate thread) I have stopped using it altogether; I use FileBrowser for Business for external storage access. And while I may not make use of encrypted storage, I do agree that it should be part of baseline functionality.

 

[cupcakes2000]

@dangeng - What end to end encrypted cloud service are you uploading it to? Or are you using an app to create encrypted folders? Way less safe in an unencrypted cloud server than on an unencrypted hard disk.

 

[BigMcGuire]

What cloud service stores data unencrypted today?

Between Google, iCloud, OneDrive - they all store data at rest encrypted - and as far as I'm aware, they encrypt the data before sending it off to the cloud (TLS, etc).

How OneDrive safeguards your data in the cloud - Microsoft Support

Learn how we help protect your files in OneDrive and what you can do to help protect them.

support.office.com

OneDrive does have a File Vault option that uses a much higher level of encryption and 2FA to open the folder.

 

[cupcakes2000]

What cloud service stores data unencrypted today?

Between Google, iCloud, OneDrive - they all store data at rest encrypted - and as far as I'm aware, they encrypt the data before sending it off to the cloud (TLS, etc).

How OneDrive safeguards your data in the cloud - Microsoft Support

Learn how we help protect your files in OneDrive and what you can do to help protect them.

support.office.com

OneDrive does have a File Vault option that uses a much higher level of encryption and 2FA to open the folder.

It’s true, but they hold the keys unlike your own encrypted hard disk or your own encrypted vault or even true end to end encrypted services.

*edit* I’m assuming here that you’re aware of the considerable differences in security between ‘encrypted at rest’ and ‘end to end encryption’.

If the op is as worried about ‘sensitive information’ as they stated - then surely one would only consider those options.
[automerge]1590773066[/automerge]
It’s somewhat null and void to be so concerned with an encrypted hard drive to then send all the data off to a cloud service where someone other than you can view the data if they wished, be it a employee of the company who’s services you’re using or whether it be by a data breach of some sort.
That’s something far more substantial to worry about unless they’re specifically worried about a in home issue - such as a spouse, a police raid, or a targeted burglary in order to gain this info. And if that is the case, then it’s even more unwise to upload to any cloud without end to end protection.

 

[riverfreak]

@dangeng - What end to end encrypted cloud service are you uploading it to? Or are you using an app to create encrypted folders? Way less safe in an unencrypted cloud server than on an unencrypted hard disk.

I think your argument is a bit of a red herring.

The OP has a very, very reasonable use case. They need to work with sensitive user data via external storage. To them, that data is sensitive in the sense that they wouldn’t want anyone to get their hands on it. It doesn’t need to be state secrets for someone to want to add an encryption layer to their workflow, especially in a mobile computing environment.

Debating whether or not they should be using external storage, if the data is sufficiently sensitive, if they should be working at a remote location with sensitive (or not) data, or if some storage mechanisms are more or less secure is immaterial. They need to use external storage at some point in their workflow and they would prefer for those (easy To steal and misplace) items to be protected.
[automerge]1590786266[/automerge]

It’s true, but they hold the keys unlike your own encrypted hard disk or your own encrypted vault or even true end to end encrypted services.

*edit* I’m assuming here that you’re aware of the considerable differences in security between ‘encrypted at rest’ and ‘end to end encryption’.

If the op is as worried about ‘sensitive information’ as they stated - then surely one would only consider those options.
[automerge]1590773066[/automerge]
It’s somewhat null and void to be so concerned with an encrypted hard drive to then send all the data off to a cloud service where someone other than you can view the data if they wished, be it a employee of the company who’s services you’re using or whether it be by a data breach of some sort.
That’s something far more substantial to worry about unless they’re specifically worried about a in home issue - such as a spouse, a police raid, or a targeted burglary in order to gain this info. And if that is the case, then it’s even more unwise to upload to any cloud without end to end protection.

Slightly hyperbolic, yes?

Awareness of the strengths and weaknesses of both local encryption and remote encryption are not mutually exclusive. One can consider both in light of their own personal risk model.

 

[Ron21]

Just get the Samsung T7 Touch, it's encrypted and will unlock with your fingerprint.

 

[riverfreak]

Just get the Samsung T7 Touch, it's encrypted and will unlock with your fingerprint.

Will those mount on an iPad? I wonder about the Kingston ironkeys, too.

 

[sparksd]

Will those mount on an iPad? I wonder about the Kingston ironkeys, too.

See this thread -

https://forums.macrumors.com/threads/samsung-t7-touch-with-ipad-pro.2234434/

 

[riverfreak]

See this thread -

https://forums.macrumors.com/threads/samsung-t7-touch-with-ipad-pro.2234434/

Much obliged.