We always claimed that if there once were a security issue with Cryptomator, we’d be unable to hide it. Now it happened: A user reported an issue in our iOS app that we consider severe.
Thanks for the update. Out of curiosity, in iCloud Backup, this cleartext would have been included in the backup associated with the Cryptomator App and if that (in particular) was deselected it would not have been sent to iCloud in cleartext?
I had an uncomfortable feeling when I learned that the new version of Cryptomator was integrated with the Files application on iOS. Before this new release, the entire Cryptomator infrastructure on the device was solely under its own control, yes? IOW, even when a file was decrypted, only Cryptomator could “see” the plaintext.
I see the many advantages of Files app integration. But relying on a plaintext file store outside of the Cryptomator app requires a lot of faith in the host OS that, until now, we did not need to have. I mean, if plaintext files were completely safe and secure on the device, it would eliminate much of the need for Cryptomator, right?
That’s not quite true. The local cache in cleartext is still stored inside the Cryptomator app. The Files app (the host) has access to Cryptomator via the File Provider Extension it offers. But yeah, if the host app is compromised or evil, there is a certain risk. To be fair, that risk is very low. It’s on the same level as not trusting the operating system itself.
Not exactly. Cryptomator fulfills the need to store encrypted files in the cloud. See:
Of course, that doesn’t mean that Cryptomator can just “do whatever it wants” on the device itself. There are still best practices to be followed to keep the data tight and secure. But it got a little harder because of the File Provider Extension API.