Apple wants to be the only technology company you trust, and it has staked much of its reputation on how it protects your privacy. However, if you send an encrypted email from Apple Mail, there is currently a way to read some of the text of that email as if it were unencrypted. Apple has been aware of this vulnerability for months without fixing it.
Before going any further, it should be noted that this can only affect a small number of people. You would have to be using macOS, sending encrypted email from Apple Mail, and not already using FileVault to encrypt your entire system, and whoever reads the text would need to know exactly where in Apple's system files this information is kept. An attacker would also need access to those system files.
Apple tells The Verge that it is aware of this issue and will fix it in a future software update. The company also says that only part of the email is saved. But the fact that Apple leaves any part of an email that is supposed to be encrypted sitting in the open is obviously not good.
Only part of the email is saved
This vulnerability was shared by Apple-centric IT expert Bob Gendler in a Medium blog post published Wednesday. Gendler says that while figuring out how macOS and Siri suggest information to the user, he found macOS database files that store information from Mail and other applications, which Siri then uses to better suggest information to the user. That is not shocking by itself: Apple needs to see and learn some of your information in order to provide better Siri suggestions.
However, Gendler found that one of these files, snippets.db, stores the unencrypted text of encrypted emails. Here is the image he shared; it helps explain the problem.
The circle on the left is around the encrypted email, which Gendler's computer cannot read; Gendler says that is because he removed the private key needed to do so. However, the text of that encrypted email can be read in snippets.db, circled on the right.
Gendler has tested the four most recent macOS releases, Catalina, Mojave, High Sierra, and Sierra, and says the encrypted email text can be read in snippets.db on all of them. I was able to confirm the existence of snippets.db and found that some emails from Apple Mail are saved there. Still, I didn't find a way to get snippets.db to save the encrypted email I sent.
There is a way to stop collecting emails
Gendler first reported this issue to Apple on July 29, and says the company did not provide him with a temporary solution until November 5 (99 days later), despite repeated conversations with Apple. Apple updated each of the four versions of macOS in which the vulnerability was found in the months after Gendler reported it, but nothing was updated to actually fix it.
To stop emails from being collected in snippets.db, Apple says you can go to System Preferences > Siri > Siri Suggestions and Privacy > Mail and toggle off "Learn in this app." Gendler says this temporary solution will prevent new emails from being added to snippets.db. To prevent old emails already stored in snippets.db from being scanned, you also need to delete those files.
According to Apple, if you don't want these unencrypted snippets to be potentially read by other apps, you can avoid giving apps full disk access in macOS Catalina, and few apps have full disk access. Apple also says that turning on FileVault encrypts everything on your Mac for added safety.
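A practical way to check whether the toggle and the cleanup above actually worked on your own machine is the same test the article describes: send yourself an encrypted message containing a unique canary phrase, then look for that phrase in the suggestions database. The following script is an added example, not code from Gendler's post or from Apple; it takes the database path as an argument (the page does not give the location, so no path is assumed here) and searches every table for the canary, falling back to a raw byte scan if the file is not a readable SQLite database. The `build_sample_db` helper builds a constructed stand-in database with an invented schema purely so the script runs offline; it is not Apple's real schema.

```python
import os
import sqlite3
import sys
import tempfile
from pathlib import Path

SQLITE_MAGIC = b"SQLite format 3\x00"


def _scan_sqlite(path: str, canary: str) -> list:
    """Query every column of every table for the canary; returns (table, column, count) hits."""
    hits = []
    # Open read-only so a forensic check never modifies the file being examined.
    conn = sqlite3.connect(Path(path).resolve().as_uri() + "?mode=ro", uri=True)
    try:
        tables = [r[0] for r in conn.execute(
            "SELECT name FROM sqlite_master WHERE type='table'")]
        for table in tables:
            cols = [r[1] for r in conn.execute(f'PRAGMA table_info("{table}")')]
            for col in cols:
                # CAST covers BLOB columns that hold text; LIKE is case-insensitive for ASCII.
                query = f'SELECT COUNT(*) FROM "{table}" WHERE CAST("{col}" AS TEXT) LIKE ?'
                count = conn.execute(query, (f"%{canary}%",)).fetchone()[0]
                if count:
                    hits.append((table, col, count))
    finally:
        conn.close()
    return hits


def _scan_raw(path: str, canary: str) -> bool:
    """Fallback for non-SQLite or damaged files: look for the canary as UTF-8 or UTF-16-LE bytes."""
    with open(path, "rb") as f:
        blob = f.read()
    return any(canary.encode(enc) in blob for enc in ("utf-8", "utf-16-le"))


def canary_leaked(path: str, canary: str) -> bool:
    """True if the canary phrase from a test encrypted email is present in the file at path."""
    if not os.path.exists(path):
        return False
    with open(path, "rb") as f:
        header = f.read(len(SQLITE_MAGIC))
    if header == SQLITE_MAGIC:
        try:
            return bool(_scan_sqlite(path, canary))
        except sqlite3.DatabaseError:
            pass  # header looked right but the file is unreadable as SQLite; fall through
    return _scan_raw(path, canary)


def build_sample_db(directory: str, leaked: bool) -> str:
    """Constructed stand-in database (invented schema) so the check can be demonstrated offline."""
    path = os.path.join(directory, "snippets.db")
    conn = sqlite3.connect(path)
    conn.execute("CREATE TABLE snippet (id INTEGER PRIMARY KEY, subject TEXT, body TEXT)")
    rows = [("Lunch Friday", "Are we still on for noon?")]
    if leaked:
        rows.append(("Contract draft", "CANARY-7f3a: this sentence was sent encrypted"))
    conn.executemany("INSERT INTO snippet (subject, body) VALUES (?, ?)", rows)
    conn.commit()
    conn.close()
    return path


def demo() -> tuple:
    """Runs the check against a leaking and a clean sample database; returns (leaked, clean)."""
    canary = "CANARY-7f3a"
    with tempfile.TemporaryDirectory() as d1, tempfile.TemporaryDirectory() as d2:
        leaked = canary_leaked(build_sample_db(d1, leaked=True), canary)
        clean = canary_leaked(build_sample_db(d2, leaked=False), canary)
    return leaked, clean


if __name__ == "__main__":
    if len(sys.argv) == 3:
        # Usage: python check_canary.py <path-to-suggestions-db> <canary-phrase>
        found = canary_leaked(sys.argv[1], sys.argv[2])
        print("canary FOUND in database" if found else "canary not found")
    else:
        print("sample run (leaked, clean):", demo())
```

Run it once before toggling off learning and deleting the old database files, and again after sending a fresh canary message; the phrase should be absent the second time. The raw byte fallback matters because a partially deleted or vacuumed database may no longer open cleanly yet still carry the text.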
This vulnerability will not affect many people. But if you rely on Apple Mail and think that Apple Mail email is 100% encrypted, it doesn't seem to be. "This raises the question of whether you are being tracked and potentially misstored without realizing it," Gendler said.