DTTG device storage and encryption


I’ve read through various posts here about DT and DTTG encryption and had a question that I did not see specifically covered.

As many of you may know, an increasing number of countries have laws which allow for digital device cloning/review at international borders. With that particular use-case in mind, how can I ensure that my DTTG data on my iPhone/iPad is not “cloned” as well?

[I’m not doing anything dodgy in my DTTG, it’s just that there may be sensitive intellectual property, contact details, and so on, that I’d rather not have to worry about being cloned, mishandled, and potentially exposed]

I have FaceID enabled for both devices, but I do not know if an unlocked device could somehow provide access to raw content on the local device that could be read as cleartext (so, for example, does enabling a PIN/FaceID on DTTG store the data encrypted until the PIN/FaceID is passed?).

Most device cloning is done after an initial unlock of the device OS itself, rather than requiring the owner of the device to unlock all applications that may have additional passwords/PINs/biometrics. But there are no guarantees, of course.

1Password has a Travel Mode whereby selected Vaults are purged from devices whilst travelling, removing any possibility that the content can be accessed or cloned.

I’m looking to create a similar experience on DTTG. It’s easier with DT, as I can just ensure that my Keychain does not have the DT database encryption passwords.

But with DTTG, I wasn’t sure how to best go about this. I’d prefer not to have to delete the app entirely and re-install it and re-sync it later, but, that’s obviously an option.

Thanks for any suggestions here!

Currently, DEVONthink To Go relies on the on-device encryption and is set to decrypt data after unlocking the device with Face ID. In addition its own Face ID security blocks access to the app unless you unlock it biometrically or with the PIN you’ve set.

However, if someone is able to clone the data on your device’s disk in an unencrypted form I’d consider this a breach of the device security itself, leaving all data that doesn’t have yet another layer of security open to inspection by the professional intruder. I suspect that the NSO Group in Israel might be able to do this but presumably nobody with less expertise than them.

I might be terribly mistaken here, of course.

That said, currently DEVONthink To Go has no travel mode like 1Password. A workaround might be to switch off the phone before you reach a border checkpoint. When you then switch it on, the data for, e.g., DEVONthink To Go is not decrypted before you launch it for the first time again (at least that’s how I understand Apple’s documentation).

Thanks Eric - this was helpful. The main takeaway for me is that DTTG relies on the device encryption key for content security on mobile devices, and the use of FaceID or a Passcode is not used in encryption, but, purely as access control for a device which is already unlocked.

Scenarios like NSO aren’t really the issue here, but you’re not wrong to call out that use-case.

The problem is that border checkpoints have exceptions in the law to force people to unlock their devices. This is true for the US, UK, Australia, Hong Kong, and many other countries (the list is depressingly long).

In other words, anyone (of any citizenship) crossing into these countries can be forced to not just hand over their devices, but, unlock them (by providing the passphrase). Failure to do so can result in legal charges, as well as detention.

Once the device encryption is unlocked, border officials immediately make a clone/copy of the decrypted and accessible filesystem.

Thus the value of things like the 1P travel mode. No data on the device, encrypted or otherwise, so, any copies will not share 1P data.

For DTTG, it may be that the best approach is to fully delete the app when crossing international borders, and then re-install it after passing through these legal grey-area zones. I was just hoping to avoid that, given the hassle factor.


I wonder how they’d do it? There is no official way to clone an unlocked iOS device unless you use some advanced hackery. Even apps cannot read the files of other apps — or their own if the system didn’t unlock them first with biometrics or PIN code.

Presumably the only way to prevent this would be to encrypt at least every document file on our own in addition to on-device security.

Oh, what you could do is this: Switch all sync locations that you use to “on demand” mode and then purge the databases. That way only the metadata would theoretically be accessible but no actual content files. The latter would need to be downloaded on demand which would, in turn, require that someone didn’t only unlock the device but also passed DEVONthink To Go’s own passcode/biometrics layer.