Are all Notes.app notes stored in iCloud encrypted?
This page makes it unclear:
https://support.apple.com/en-us/HT202303
It notes "Encryption is available only when you use the latest iOS or macOS and upgrade your Notes app." - and the latest version of Notes app has a "password protect" option.
What I'm trying to figure out is in the latest version of Notes app, are all notes encrypted on Apple's servers, or just ones that are explicitly password protected?
Solution 1:
Yes. All iCloud data is protected at rest minimally by encryption as described in the security white paper Apple publishes regularly.
Each file is broken into chunks and encrypted by iCloud using AES-128 and a key derived from each chunk’s contents that utilizes SHA-256. The keys, and the file’s metadata, are stored by Apple in the user’s iCloud account. The encrypted chunks of the file are stored, without any user-identifying information, using third-party storage services, such as Amazon S3 and Windows Azure.
https://www.apple.com/business/docs/iOS_Security_Guide.pdf - Page 44
iCloud Drive and CloudKit data have additional layer(s) of encryption / keys added, but for notes you get the described level of security where data is encrypted before it leaves the device and hits the network.
The local password feature is solely to prevent access of the note on your device(s) once the note is retrieved from the cloud.