Apple has always been known as one of the most privacy-focused tech giants, but no company is perfect. IT Specialist Bob Gendler on Wednesday published a Medium blog post that claims Apple’s encrypted email technology is perhaps not as encrypted as you might think.
While investigating the link between macOS and Siri (in particular, Siri’s contact and information suggestion features), Gendler found a process called “suggestd” and a “Suggestions” folder. The Suggestions folder lives inside the easily accessible, user-level Library folder, which isn’t particularly concerning in and of itself.
However, within this folder, Gendler made an interesting discovery: a file called “snippets.db” was storing his S/MIME-encrypted macOS emails in plaintext, without any form of encryption. Even with Siri disabled and the private key (normally required before an encrypted message can be read) removed, these emails were still being stored in the same way. A separate database file stored unencrypted names, email addresses, and phone numbers for your contacts.
As concerning as this information is, it may not be worth getting too distressed yet. First, you’d need to be using Apple Mail rather than any other email client for this to be a problem. Second, though Gendler claims that disabling Siri as a whole doesn’t stop the emails from being stored, visiting your Siri Suggestions & Privacy menu and unchecking the box for Apple Mail should “mitigate” the issue.
Existing emails won’t automatically disappear from the database after doing so, but deleting the snippets.db file will remove them, and the behavior shouldn’t continue in the future. Gendler also states that having FileVault enabled offers “another layer of protection.”
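A way to check the claim on your own machine before and after applying the mitigation is to search the database for a phrase from one of your own encrypted messages. The script below is an added example, not code from Gendler’s post or from Apple; it assumes the database sits at ~/Library/Suggestions/snippets.db (the folder and file named above) and, because the page does not document the file’s schema, it scans every table and column rather than assuming column names.

```python
import sqlite3
import sys
from pathlib import Path

# Location named in the write-up: the "Suggestions" folder in the user-level
# Library folder. Assumed default; a different path can be given on the command line.
DEFAULT_DB = Path.home() / "Library" / "Suggestions" / "snippets.db"


def scan_connection(conn, needle):
    """Return (table, column) pairs whose cells contain `needle` verbatim.

    The layout of snippets.db is undocumented here, so every table and every
    column is checked instead of relying on a guessed schema.
    """
    hits = []
    tables = [r[0] for r in conn.execute(
        "SELECT name FROM sqlite_master WHERE type = 'table'")]
    for table in tables:
        columns = [r[1] for r in conn.execute(f'PRAGMA table_info("{table}")')]
        for col in columns:
            # CAST makes BLOB cells comparable as text; instr() is an exact substring match
            found = conn.execute(
                f'SELECT 1 FROM "{table}" '
                f'WHERE instr(CAST("{col}" AS TEXT), ?) > 0 LIMIT 1',
                (needle,)).fetchone()
            if found:
                hits.append((table, col))
    return hits


def find_plaintext(db_path, needle):
    """Open the database read-only (so the audit cannot alter it) and scan it."""
    db_path = Path(db_path)
    if not db_path.is_file():
        return []  # file absent, e.g. after deleting snippets.db
    conn = sqlite3.connect(f"file:{db_path}?mode=ro", uri=True)
    try:
        return scan_connection(conn, needle)
    finally:
        conn.close()


def demo():
    """Constructed in-memory stand-in for snippets.db (not real Apple data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE messages (subject TEXT, body TEXT)")
    conn.execute("INSERT INTO messages VALUES (?, ?)",
                 ("Re: board minutes", "Draft merger terms attached, keep confidential"))
    return scan_connection(conn, "merger terms")


if __name__ == "__main__":
    if len(sys.argv) < 2:
        sys.exit("usage: snippets_audit.py 'phrase from an encrypted mail' [path/to/snippets.db]")
    db = sys.argv[2] if len(sys.argv) > 2 else DEFAULT_DB
    for table, col in find_plaintext(db, sys.argv[1]):
        print(f"plaintext match in {table}.{col}")
```

An empty result after unchecking Mail in Siri Suggestions & Privacy and deleting snippets.db means the phrase is no longer retrievable from that file; it says nothing about other databases in the same folder.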
With that said, if you aren’t particularly tech-savvy, it would be easy to miss the mitigations mentioned above. Fortunately, this behavior appears to be unintentional, and Apple plans to fix the issue in a coming software patch, though we don’t have an exact timeline yet. Notably, this bug was present in the past four versions of macOS: Catalina, Mojave, High Sierra, and Sierra.
If you want to avoid these unencrypted snippets potentially being read by other apps, you can avoid giving apps full disk access in macOS Catalina, according to Apple, and you probably have very few apps with full disk access anyway. Apple also says that turning on FileVault will encrypt everything on your Mac, if you want to be extra safe.
Again, this vulnerability probably won’t affect that many people. But if you do rely on Apple Mail and believed your Apple Mail emails were 100 percent encrypted, it seems that they’re not. As Gendler says, “It brings up the question of what else is tracked and potentially improperly stored without you realizing it.”