ElcomSoft Claims It's Able to Recover Deleted iCloud Notes Well Past Apple's 30-Day Window

Russian software company ElcomSoft today claimed in a blog post that iCloud notes marked as deleted are being stored on Apple's servers well past the advertised 30-day period they are kept in the "Recently Deleted" folder.

apple notes
ElcomSoft said it used an updated version of its Phone Breaker tool, version 6.5, to recover dozens of iCloud notes deleted more than a month ago. ElcomSoft said many of the notes were deleted a few weeks past the 30-day window, but in some cases, it was allegedly able to extract notes deleted "several months ago."

When a user deletes a note in Apple's Notes app, it's moved to the "Recently Deleted" folder, which explicitly states that "notes are permanently deleted after 30 days." Likewise, a support document on Apple's website says users can view and recover notes for up to 30 days before they're permanently deleted.

However, ElcomSoft CEO Vladimir Katalov said the oldest note it was able to retrieve was deleted around five years ago:

"We did it again," says Vladimir Katalov, ElcomSoft CEO. "After recovering deleted photos and Safari browsing history from iCloud, we now add the ability to recover deleted notes from the same source regardless of how much time has passed after the deletion. The oldest record we've been able to pull was deleted back in 2012."

In its blog post, ElcomSoft said it was able to extract 334 notes from an iPhone with only 288 notes stored on it, including those in the "Recently Deleted" folder. In other words, ElcomSoft claims it was able to recover 46 notes deleted more than 30 days ago, and that was only one example.

ElcomSoft notes
Nevertheless, ElcomSoft said that its ability to extract iCloud notes deleted more than 30 days ago is "not necessarily" guaranteed. "While some of our test accounts did indeed contain deleted notes going all the way back to 2015, some other accounts contained much less than that," it explained.

ElcomSoft said its Phone Breaker tool is the only software it knows of that can be used to recover iCloud notes deleted more than 30 days ago. It also said the latest version of its Phone Viewer tool is needed to view them. The tools start at $79 each and appear to be compatible with both Mac and Windows.

To extract and view deleted notes, ElcomSoft says all someone has to do is launch Phone Breaker version 6.5 or newer, click "Download Synced Data from iCloud," authenticate with an Apple ID and password or a binary authentication token, wait for the download to complete, and open the file in Phone Viewer.

ElcomSoft Phone Viewer Notes

ElcomSoft's Phone Viewer tool appears to show recovered iCloud notes

ElcomSoft said "there is no doubt Apple will fix the current issue," but it didn't confirm if it has been in contact with the company. MacRumors has opted not to use the Phone Breaker tool out of an abundance of caution. Apple did not immediately respond to a request for comment today.

Last year, ElcomSoft generated headlines when it claimed Apple "secretly" syncs Phone and FaceTime call history logs on iCloud, even with backups turned off. In a statement, Apple said it offers call history syncing "as a convenience to our customers so that they can return calls from any of their devices."

In February, ElcomSoft also found that iCloud was allegedly storing deleted Safari browser history for a long period of time, ranging from several months to over a year. Forbes reported that Apple quietly "started purging older history records" once the news broke, but Apple never officially commented.

Popular Stories

iPhone SE 4 Vertical Camera Feature

iPhone SE 4 Rumored to Use Same Rear Chassis as iPhone 16

Friday July 19, 2024 7:16 am PDT by
Apple will adopt the same rear chassis manufacturing process for the iPhone SE 4 that it is using for the upcoming standard iPhone 16, claims a new rumor coming out of China. According to the Weibo-based leaker "Fixed Focus Digital," the backplate manufacturing process for the iPhone SE 4 is "exactly the same" as the standard model in Apple's upcoming iPhone 16 lineup, which is expected to...
iPhone 16 Pro Sizes Feature

iPhone 16 Series Is Just Two Months Away: Everything We Know

Monday July 15, 2024 4:44 am PDT by
Apple typically releases its new iPhone series around mid-September, which means we are about two months out from the launch of the iPhone 16. Like the iPhone 15 series, this year's lineup is expected to stick with four models – iPhone 16, iPhone 16 Plus, iPhone 16 Pro, and iPhone 16 Pro Max – although there are plenty of design differences and new features to take into account. To bring ...
iphone 14 lineup

Cellebrite Unable to Unlock iPhones on iOS 17.4 or Later, Leak Reveals

Thursday July 18, 2024 4:18 am PDT by
Israel-based mobile forensics company Cellebrite is unable to unlock iPhones running iOS 17.4 or later, according to leaked documents verified by 404 Media. The documents provide a rare glimpse into the capabilities of the company's mobile forensics tools and highlight the ongoing security improvements in Apple's latest devices. The leaked "Cellebrite iOS Support Matrix" obtained by 404 Media...
tinypod apple watch

TinyPod Turns Your Apple Watch Into an iPod

Wednesday July 17, 2024 3:18 pm PDT by
If you have an old Apple Watch and you're not sure what to do with it, a new product called TinyPod might be the answer. Priced at $79, the TinyPod is a silicone case with a built-in scroll wheel that houses the Apple Watch chassis. When an Apple Watch is placed inside the TinyPod, the click wheel on the case is able to be used to scroll through the Apple Watch interface. The feature works...
bsod

Crowdstrike Says Global IT Outage Impacting Windows PCs, But Mac and Linux Hosts Not Affected

Friday July 19, 2024 3:12 am PDT by
A widespread system failure is currently affecting numerous Windows devices globally, causing critical boot failures across various industries, including banks, rail networks, airlines, retailers, broadcasters, healthcare, and many more sectors. The issue, manifesting as a Blue Screen of Death (BSOD), is preventing computers from starting up properly and forcing them into continuous recovery...
New MacBook Pros Launching Tomorrow With These 4 New Features 2

M5 MacBook Models to Use New Compact Camera Module in 2025

Wednesday July 17, 2024 2:58 am PDT by
Apple in 2025 will take on a new compact camera module (CCM) supplier for future MacBook models powered by its next-generation M5 chip, according to Apple analyst Ming-Chi Kuo. Writing in his latest investor note on unny-opticals-2025-business-momentum-to-benefit-509819818c2a">Medium, Kuo said Apple will turn to Sunny Optical for the CCM in its M5 MacBooks. The Chinese optical lens company...

Top Rated Comments

radioisotope Avatar
94 months ago
Lets face it people, no data truly gets deleted. If you're really concerned about privacy, dont use any electronic device.
Score: 20 Votes (Like | Disagree)
Alrescha Avatar
94 months ago
Elcomsoft is desperately trying to make a feature look like a flaw.

I suggest that Apple's intent is to let customers know that they have a *minimum* of thirty days to change their mind about deleting a note. To turn this around and try to claim that it is a guarantee that deleted notes will be purged at the thirty-day mark is a stretch.

It is perfectly reasonable to interpret "after thirty days" as "no sooner than thirty days".

A.
Score: 9 Votes (Like | Disagree)
robeddie Avatar
94 months ago
Does everyone interested in privacy now realize they just need to buy a bigass hard drive and skip all this cloud crap?
Score: 8 Votes (Like | Disagree)
ywshang Avatar
94 months ago
Come on. In today's OS terminology, "permanently deleted" only means the file is marked as disposable and MAY be destroyed if space is needed. It's is called "permanently deleted" only because theoretically speaking there is no guaranteed-to-work method to recover them. Given that the hard disks are getting so cheap these days, most likely none of those cloud servers of any company has ever deleted a single byte at all.
Score: 8 Votes (Like | Disagree)
KALLT Avatar
94 months ago
Lets face it people, no data truly gets deleted. If you're really concerned about privacy, dont use any electronic device.
No, this is why you don’t entrust cloud services with your data. Deleting such data is in most cases an afterthought for these developers. It is far easier to just flip a switch and hide the content from the user interface than to actually purge data from a database. Even if there is no malicious intent, there are several technical reasons why this doesn’t happen.

iCloud in particular is a massive blackbox with tons of irregularities and disappointments like this one. I don’t touch it anymore.
Score: 6 Votes (Like | Disagree)
LordQ Avatar
94 months ago
Nice, any software like this but with photos?
Score: 4 Votes (Like | Disagree)