Files deleted from Apple’s Notes app shouldn’t be recoverable after 30 days, but the security and data forensics company Elcomsoft found they could access records that were deleted months—or even more than a year—ago. That sounds pretty bad, but recovering those files requires some pretty specific elements, including knowing your iCloud login and password.
iCloud offers data recovery for files that have been deleted in the lat 30 days. That’s a feature, not a bug, and TMO’s Melissa Holt recently detailed how that works. After 30 days, however, and those files are supposed to really be deleted and unrecoverable.
Elcomsoft found it’s possible to restore long deleted Notes data in some cases, saying, “We discovered that deleted notes are actually left in the cloud way past the 30-day period, even if they no longer appear in the ‘Recently Deleted’ folder.”
How Elcomsoft Notes Data Recovery Works
While restoring Notes files that were deleted more than 30 days ago does pose a privacy threat, it’s not necessarily a gaping hole any hacker can use. Accessing the deleted files requires the Apple ID and password linked to the iCloud account and Elcomsoft’s forensic software, both of which aren’t likely in the hands of a hacker.
The company’s tools can download all Notes data associated with an iCloud account, including those that no longer appear as recently deleted. Once the Notes files are downloaded, they can be viewed and searched without any restrictions.
Behind Elcomsoft’s Motivation
Detailing the flaw in Apple’s Notes recovery feature is, on one hand, a community service because now users and the company are aware of the problem. Apple can work on a server-side patch that truly deletes files that fall outside the recovery feature’s 30-day window, and users can decide if syncing Notes through iCloud is something they want to keep doing.
On the other hand,…