DTG IOS Backup encrypted or not


I am a reasonably long-term user of DT on Mac and just installed DTG on IOS 13 (having just moved off of Android)

I am also a fan of end-to-end encryption and, incidentally, that was something that got me onto DT and away from Evernote.

I sync using DT with encryption on iCloud.

My question is

Is IOS backing up my encrypted DT data or my unencrypted DT data?

PS I don’t care that IOS encrypts the backups. It’s not the point.


No, the sync data in the sync store on iCloud is encrypted. The actual files inside of DEVONthink To Go are stored in plain text, protected by iOS’ own device-side encryption. The iOS backup backs up the actual files on disk, we have not added another layer of encryption on the already existing system-wide encryption.

Hi Eric. I understand that the sync data in the sync store on iCloud is encrypted. That would be using my keys that only I know. I was happy.

For the iCloud backup, as you say they are plain text protected by IOS’s own device-side encryption however, this is not encryption that is under my end-to-end control.

Firstly, Apple is using a private key for me that Apple stores (to save me from myself in the case of the average user).

Furthermore, there is a 6 digit passcode that is used for the device and the backups and which only I can know.

My problem with this is

  1. I was very happy with being fully in control of e2e encryption with DevonThink and my 50 character random key.
  2. The backups to iCloud were made by default and I’m not happy about the weakness of the 6 character numeric key viz a viz the strength of my DevonThink key and that fact that I was opted in to this backup.

So, what I am trying to say, between the lines, is that it would have been nice to have been warned about the backing up of, for all intents and purposes, unencrypted data as now, the horse has bolted and there can no longer ever be any guarantee that the data is private (assuming you agree that the only privacy is the privacy you create for yourself with true end-to-end encryption ).

If you read support apple com/en-us/HT202303 it clearly says:

End-to-end encryption provides the highest level of data security. Your data is protected with a key derived from information unique to your device, combined with your device passcode, which only you know. No one else can access or read this data.

If you have iCloud Backup turned on, your backup includes a copy of the key protecting your Messages. This ensures you can recover your Messages if you lose access to iCloud Keychain and your trusted devices.

So, in summary the Apple encryption is only as good as the 6 digit passcode and that’s not the same as the level of encryption and assurance I had with DevonThink.

Anyway, you’re not alone. I have other e2e encryption apps and my switch from Android to IOS has led to Apple backing up all of them with the same consequences.

PS Apple stores iCloud data on Azure. So the data, which is only as secure as that 6 digit passcode because the private key is packed with the backup ‘for your convenience’ is subject to not just Apple’s but also, Microsoft’s T&Cs which include those of their third party partners (which for Microsoft, include partners in China, Jordan and other jurisdictions.

Are starting to get a sense of where I’m coming from?

I totally understand. However, there is nothing we can do about how Apple does their backups. The only way would be to add file-based encryption to DEVONthink To Go so that whatever Apple does the file would be encrypted anyway and under our/your control.

We might add that but for the moment I’d recommend not backing up DEVONthink To Go databases (we have added a switch for opting out of it) and treating the sync store as your securely encrypted backup.

1 Like

Is this the switch you recommend keeping off to prevent un-encrypted (essentially as Apple owns the keys) data off of iCloud servers?


Hi Robin. Yes with the caveat that you will want to do that before you sync your location (otherwise, the horse will have bolted as it were).

You can also toggle backup for each app elsewhere in IOS settings noting again that it may, technically, be too late.

In my case, having come over from Android and also having a Mac (which does nightly encrypted backups using Arq) I really should have just turned off IOS backups because it simply doesn’t do anything other than make it easy for me (or an evil interloper with my passcode and iCloud creds) to reinstall (classic case of convenience over security).

Thanks! As someone who is “paperless,” I prefer managing my data. Looks like it’s time for a fresh install of DTTG!

@eboehnisch it would be nice if, as soon as DTG is aware the user has an encrypted sync location, if it could prompt to warn that IOS backup is on (assumes user has not globally disabled it) with some sort of warning like ‘you have IOS backup configured. Please be aware … etc’ and thus ensure the user has the option to disable backup for the app before syncing.

It seems this is doable.

1 Like

Thank you, @darkstar. Noted as a feature request :slightly_smiling_face:

1 Like

In Settings, Under iCloud, you can/should turn off the switch there as well.

In Settings, Under iCloud, you can/should turn off the switch there as well.

Don’t follow this advice. This prevents the app from using iCloud at all.

Are you saying that we should treat the sync store as our mobile device’s backup if we want everything to stay encrypted?

The language is unclear. If this isn’t what you meant, I’m not sure how else one would use DTTG.


Yes, if you don’t trust Apple then the sync store as an encrypted copy of all your data is the backup of your choice. Or backup your database from the Mac where files are accessible and can be copied to an additional hard drive or USB stick.

1 Like

Version 3.3.2 will show a hint when encrypted sync stores are set up.


The @eboehnisch you have responded to has been replaced by an older, newer @eboehnisch. Your message will not be forwarded, as that could lead to an infinite loop and alter the future as seen from the past. Please don’t do that.