Let me preface this by saying I'm NOT an security expert!
So yesterday I decided to try out the iExplorer from Macroplant that allows you to "browse" inside your iOS device (PhoneView from Ecamm also does this). I mainly wanted to save app data (mainly games) prior to deleting the app from my iPad. When I connected my passcode-enabled iPad, I was shocked to see what was available to view and download. Pretty much everything! I erroneously thought that the iOS data protection would encrypt the data and keep it safe as long as it was passcode locked.
Side note: I know there are apps that support iTunes file sharing and when you connect it to any computer running iTunes, you can save to and from the app that supports that feature. It is a nice and convenient feature, but it bypasses the passcode unless the app is specifically written not to allow access. For instance, Goodreader has an option to enable security where you can't download files using iTunes sharing until you enter your passcode on the idevice. You can still see the name of the files, but can't download them. However, most other apps allow iTunes file sharing on a passcode locked device including Apple who allows access to photos when connected to iPhoto on Mac or when connected to a Windows PC. I knew about the file sharing ever since it was implemented, but wasn't too concerned about it initially since I wasn't keeping any confidential files on the iPad. However, that is changing and it's very concerning.
So back to iExplorer. I initially tried the program on my desktop PC connected to my TV for home entertainment. iExplorer was horrible and gave me constant errors, but I managed to use it to save some data. I tried to download files from Goodreader and was able to do so even when the iPad was locked with a passcode. This had me really concerned since this is the app that I use for sensitive pdf files and was immune to "data leakage" using iTunes file sharing. Since it was like pulling teeth using this program, I decided to install iExplorer on the Mac at work. It was a much much better experience using this program on the Mac versus the PC. When I tried to download files again from Goodreader using Mac version of iExplorer, it didn't allow it until I unlocked my iPad with the passcode. So I will need to try this again with the PC version when I get home because two versions are behaving differently.
Sorry for the long post. My main point is that people should be careful what they store on their iPads because even when the iPad is passcode locked and set to destroy itself after 10 incorrect attempts, someone can simply plug it in and use software like this to see and download app data as well as phone logs, messages, etc without even entering the correct passcode. Only safe apps are the ones that encrypt their own data like 1password. This also means that your spouse or significant others can see all the "unsuitable" materials
one may store inside these privacy apps since files are all visible when using programs like iExplorer. I'm definitely going to do more research regarding the Goodreader since it did protect my files when I tried using Mac version of iExplorer. Also if you have a jailbroken device, this program can see into your root directory so game over. It's like using iFiles on my iPhone.
TL;DR, your data is not safe even when passwcode is enabled with data destruction. Apple really needs to address this by not allowing any access to the files, even iTunes file sharing, until passcode is entered.
So yesterday I decided to try out the iExplorer from Macroplant that allows you to "browse" inside your iOS device (PhoneView from Ecamm also does this). I mainly wanted to save app data (mainly games) prior to deleting the app from my iPad. When I connected my passcode-enabled iPad, I was shocked to see what was available to view and download. Pretty much everything! I erroneously thought that the iOS data protection would encrypt the data and keep it safe as long as it was passcode locked.
Side note: I know there are apps that support iTunes file sharing and when you connect it to any computer running iTunes, you can save to and from the app that supports that feature. It is a nice and convenient feature, but it bypasses the passcode unless the app is specifically written not to allow access. For instance, Goodreader has an option to enable security where you can't download files using iTunes sharing until you enter your passcode on the idevice. You can still see the name of the files, but can't download them. However, most other apps allow iTunes file sharing on a passcode locked device including Apple who allows access to photos when connected to iPhoto on Mac or when connected to a Windows PC. I knew about the file sharing ever since it was implemented, but wasn't too concerned about it initially since I wasn't keeping any confidential files on the iPad. However, that is changing and it's very concerning.
So back to iExplorer. I initially tried the program on my desktop PC connected to my TV for home entertainment. iExplorer was horrible and gave me constant errors, but I managed to use it to save some data. I tried to download files from Goodreader and was able to do so even when the iPad was locked with a passcode. This had me really concerned since this is the app that I use for sensitive pdf files and was immune to "data leakage" using iTunes file sharing. Since it was like pulling teeth using this program, I decided to install iExplorer on the Mac at work. It was a much much better experience using this program on the Mac versus the PC. When I tried to download files again from Goodreader using Mac version of iExplorer, it didn't allow it until I unlocked my iPad with the passcode. So I will need to try this again with the PC version when I get home because two versions are behaving differently.
Sorry for the long post. My main point is that people should be careful what they store on their iPads because even when the iPad is passcode locked and set to destroy itself after 10 incorrect attempts, someone can simply plug it in and use software like this to see and download app data as well as phone logs, messages, etc without even entering the correct passcode. Only safe apps are the ones that encrypt their own data like 1password. This also means that your spouse or significant others can see all the "unsuitable" materials
one may store inside these privacy apps since files are all visible when using programs like iExplorer. I'm definitely going to do more research regarding the Goodreader since it did protect my files when I tried using Mac version of iExplorer. Also if you have a jailbroken device, this program can see into your root directory so game over. It's like using iFiles on my iPhone.TL;DR, your data is not safe even when passwcode is enabled with data destruction. Apple really needs to address this by not allowing any access to the files, even iTunes file sharing, until passcode is entered.
