How to password protect Agenda?

I bought the app last week. I’m still tweaking and adding my old OneNote notes manually.
I see some very personal notes and need passwords.
I’m sad to see now that this feature doesn’t exist and even sadder to see that this has been dragging on since 2018.

1 Like

It is one of our high priority projects. Unfortunately there are still a few of those running.

We released the app in 2018, and pretty much every high profile project has been “dragging” since then. We have to prioritize, tackling one or two at a time. It shouldn’t be too long now to get to this. We certainly haven’t forgotten it.

This is creepy. This means Apple can decrypt your notes.

Yes, I think that is very likely. They no doubt encrypt the data with a key, and the key is probably kept separate to the notes, but a rogue employee probably could find our what is in your notes.

Note that this is really possible with any app. At some point you have to trust the company providing the service. Even if an app promises end-to-end encryption, and it uses a password you provide to do that, the data does have to be decrypted on your device to show it to you, and a rogue company could just upload that unencrypted data.

Nothing is 100% safe. Hopefully you trust the companies you store your data with, and hopefully they are at least taking steps to encrypt data so that if there is a breach from outside, the thief will just have a bunch of useless encrypted data. Guarding against a thief from inside the company itself is more difficult.

Agreed, nothing is 100% safe.

Has anyone used Cryptomator (open source end to end encryption) with Agenda on iCloud or some other cloud provider?

I have not tested it yet. Just bought Agenda a few days ago and love it. However, I plan on testing out encrypted vaults later this week.

Why not use the CloudKit end-to-end encryption to add this to Agenda? See CloudKit end-to-end encryption – Apple Support (UK)

It relies on the Keychain for the encryption keys, allows syncing and solves most of the issues. It can probably be used also to additionally lock/unlock certain projects / categories with FaceID / TouchID / password, without adding the extra complexity of a full encryption stack on your own.

Thanks for the pointer. Looks to be very new, so would only be a solution for the latest OS I guess.

But certainly worth looking at. Thanks!

I think that document refers to Apple’s own services, not per se to a generic availability of such service to third parties, unless I’m mistaken.

This is for developers, maybe this other document makes it clearer: CloudKit security – Apple Support (UK)

Thanks, we’ll take a look.

Dear drew and dev team,
Would an app-lock or lock by projects feature be difficult to implement?

We are considering it right now. Hopefully be part of Agenda 17

4 Likes

What exactly is being considered? At least encrypting of select projects would be acceptable, if you wont do it all. It hurts to not be able to truly make full use of the product / syncing and be honest with it without some extra privacy.

1 Like

No encryption, no. Encrypting the data would be a much bigger project. Would require rewriting large parts of the app. We will simply be providing the ability to hide notes, projects, and the app behind a password/Face ID. This is for avoiding prying eyes, and not worrying about your kids reading sensitive stuff if you give them your iPad to play with.

Encryption is a lot trickier. We probably will not provide on disk encryption, because the OS already provides that if you want it. You can have the whole disk encrypted and protected by your sign in if it is very important to you.

We would like at some point to work on encrypting data in the cloud. Apple currently do this in iCloud with the synced data, but you have to trust Apple. It would be nice to allow some higher level of encryption for that data at some point.

2 Likes

I think for many of us, a simple face-id lock or pass code should be an enough warning for unwanted eyes, such as nosy partner or curious friend!

1 Like