With Advanced Data Protection, Apple will allow users to get end-to-end, zero-knowledge encryption on almost all their iCloud data, which is awesome.
I was wondering if it will include Bear’s database as well? This support document reads:
When you turn on Advanced Data Protection, third-party app data stored in iCloud Backup and CloudKit encrypted fields and assets are end-to-end encrypted.
If our beloved developers could make it so that our data is end-to-end encrypted when we switch on Advanced Data Protection, it would be wonderful! And it seems like it would not be too much work (design the data as encrypted, I guess?)
See, this is something I would really like to know too, because then the whole process of remaking Bear into an end-to-end encrypted model would never have to happen and take who knows how many months to make…
Would love to know more about this as well.
I have not installed iOS 16.2 yet but my understanding is the new Advanced Data Protection is not open to third-party developers. If this will be at some point made available to devs (or even better, it just works) we’ll be glad to integrate it.
Mind, CloudKit already provides non-E2E encryption for some services in ADP, but we do provide our own.
Thanks for your answer! My understanding is that CloudKit is covered by the blanket E2EE as well, in the same way that your files are encrypted but still available to your apps locally. I might be very mistaken on that front, but if not, it would be great if Bear could be made compatible.
What does it mean “you provide your own”? Does it mean our databases stored on CloudKit are encrypted with keys you have but Apple doesn’t?
I mean password protected notes are e2e encrypted.
It seems that developers must take some kind of step so it falls under ADP.
“Advanced Data Protection also automatically protects CloudKit fields that third-party developers choose to mark as encrypted, and all CloudKit assets.”
And: "iCloud stores some data without the protection of user-specific CloudKit service keys, even when Advanced Data Protection is turned on. CloudKit Record fields must be explicitly declared as “encrypted” in the container’s schema to be protected, and reading and writing encrypted fields requires the use of dedicated APIs."
from: Advanced Data Protection for iCloud - Apple Support
I came here from reddit, where some people have asked for this privacy & security enhancement here:
Please do add this functionality. It would be amazing. Thank you.
Can there be clarification whether Bear uses or will use this requirement?
“CloudKit Record fields must be explicitly declared as “encrypted” in the container’s schema to be protected, and reading and writing encrypted fields requires the use of dedicated APIs.”
If so, I hope there’s some kind of update to Bear’s faq as well.
Yes, as you can see on the API page you linked, encryptedValues is available only on macOS 12+ and iOS 15+. This is a huge problem for us because B2 actually supports macOS 10.15+ and iOS 14+, so we can’t support this API without dropping a considerable portion of users currently using B1.
Usually, we can check inside the code which OS version the user is running and eventually enable a version-specific API, but this is different because we are not aware of the user’s other devices and which OS they are running. Otherwise, we can find ourselves in situations where some user devices can’t sync.
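To make concrete what the two Apple quotes above (fields must be declared “encrypted” in the schema and written through dedicated APIs) and the developer’s availability point mean in code, here is an added example written for this thread; it is not Bear’s code. The record type "Note" and the field names "title" and "body" are assumptions, and it assumes "body" has been declared as an encrypted field in the container schema in CloudKit Console, which the code itself cannot do.

```swift
import CloudKit

/// Thrown when the running OS predates CKRecord.encryptedValues
/// (the dedicated API exists on iOS 15+ / macOS 12+ only).
enum EncryptedFieldError: Error {
    case apiUnavailable
}

/// Added example (not Bear's code). Record type and field names are assumed.
struct NoteRecordWriter {

    /// True when this device can read and write encrypted CloudKit fields.
    static var canUseEncryptedFields: Bool {
        if #available(iOS 15.0, macOS 12.0, *) { return true }
        return false
    }

    /// Builds a Note record whose "body" goes through encryptedValues.
    /// With Advanced Data Protection on, such a field is wrapped with the
    /// user's CloudKit service key, so Apple cannot read it; without ADP it
    /// is still encrypted at rest but with Apple-held keys.
    /// Assumption: "body" is declared as encrypted in the container schema.
    /// A field declared encrypted can only be written via encryptedValues,
    /// so an older client has no way to produce this record: that is the
    /// cross-device sync problem the developer describes.
    static func makeRecord(title: String, body: String) throws -> CKRecord {
        let record = CKRecord(recordType: "Note")
        // Plain field: readable and queryable by every supported OS version.
        // (Encrypted fields cannot be indexed or used in query predicates,
        // so anything you need to search on has to stay unencrypted.)
        record["title"] = title as NSString
        guard #available(iOS 15.0, macOS 12.0, *) else {
            throw EncryptedFieldError.apiUnavailable
        }
        // Encrypted field: only the dedicated API may touch it.
        record.encryptedValues["body"] = body as NSString
        return record
    }

    /// Reads the body back. On iOS 14 / macOS 10.15 this returns nil for a
    /// record written by a newer device, because the plain subscript does
    /// not expose encrypted fields and encryptedValues does not exist there.
    static func body(of record: CKRecord) -> String? {
        if #available(iOS 15.0, macOS 12.0, *) {
            return record.encryptedValues["body"] as? String
        }
        return nil
    }
}
```

The point of the `guard #available` branch is that a per-device OS check is not enough: the schema decision is global to the container, so once "body" is declared encrypted every client that writes or reads notes must run an OS with `encryptedValues`, which is exactly the minimum-OS trade-off discussed above.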
I would like to enable this and I am aware of the tradeoffs. This could be an opt-in setting with a disclaimer about which OSes are supported.