ElcomSoft Claims It's Able to Recover Deleted iCloud Notes Well Past Apple's 30-Day Window

by

Russian software company ElcomSoft today claimed in a blog post that iCloud notes marked as deleted are being stored on Apple's servers well past the advertised 30-day period they are kept in the "Recently Deleted" folder.

apple notes
ElcomSoft said it used an updated version of its Phone Breaker tool, version 6.5, to recover dozens of iCloud notes deleted more than a month ago. ElcomSoft said many of the notes were deleted a few weeks past the 30-day window, but in some cases, it was allegedly able to extract notes deleted "several months ago."

When a user deletes a note in Apple's Notes app, it's moved to the "Recently Deleted" folder, which explicitly states that "notes are permanently deleted after 30 days." Likewise, a support document on Apple's website says users can view and recover notes for up to 30 days before they're permanently deleted.

However, ElcomSoft CEO Vladimir Katalov said the oldest note it was able to retrieve was deleted around five years ago:

"We did it again," says Vladimir Katalov, ElcomSoft CEO. "After recovering deleted photos and Safari browsing history from iCloud, we now add the ability to recover deleted notes from the same source regardless of how much time has passed after the deletion. The oldest record we've been able to pull was deleted back in 2012."

In its blog post, ElcomSoft said it was able to extract 334 notes from an iPhone with only 288 notes stored on it, including those in the "Recently Deleted" folder. In other words, ElcomSoft claims it was able to recover 46 notes deleted more than 30 days ago, and that was only one example.

ElcomSoft notes
Nevertheless, ElcomSoft said that its ability to extract iCloud notes deleted more than 30 days ago is "not necessarily" guaranteed. "While some of our test accounts did indeed contain deleted notes going all the way back to 2015, some other accounts contained much less than that," it explained.

ElcomSoft said its Phone Breaker tool is the only software it knows of that can be used to recover iCloud notes deleted more than 30 days ago. It also said the latest version of its Phone Viewer tool is needed to view them. The tools start at $79 each and appear to be compatible with both Mac and Windows.

To extract and view deleted notes, ElcomSoft says all someone has to do is launch Phone Breaker version 6.5 or newer, click "Download Synced Data from iCloud," authenticate with an Apple ID and password or a binary authentication token, wait for the download to complete, and open the file in Phone Viewer.

ElcomSoft Phone Viewer Notes

ElcomSoft's Phone Viewer tool appears to show recovered iCloud notes

ElcomSoft said "there is no doubt Apple will fix the current issue," but it didn't confirm if it has been in contact with the company. MacRumors has opted not to use the Phone Breaker tool out of an abundance of caution. Apple did not immediately respond to a request for comment today.

Last year, ElcomSoft generated headlines when it claimed Apple "secretly" syncs Phone and FaceTime call history logs on iCloud, even with backups turned off. In a statement, Apple said it offers call history syncing "as a convenience to our customers so that they can return calls from any of their devices."

In February, ElcomSoft also found that iCloud was allegedly storing deleted Safari browser history for a long period of time, ranging from several months to over a year. Forbes reported that Apple quietly "started purging older history records" once the news broke, but Apple never officially commented.

Tags: ElcomSoft, iCloud, Notes
Related Forum: Apple Music, Apple Pay/Card, iCloud, Fitness+

Popular Stories

ios 18 4 carplay

Apple Upgrades CarPlay in Two Ways

Wednesday March 12, 2025 6:05 am PDT by
The upcoming iOS 18.4 update for the iPhone includes a smaller but meaningful improvement for Apple's in-car iPhone mirroring system CarPlay. Specifically, CarPlay now shows a third row of icons, up from two rows previously. However, this change is only visible in vehicles with a larger center display. For example, a MacRumors Forums member noticed the change in a Toyota Tundra with a...
Read Full Article55 comments
Apple More Personal Siri Ad

John Gruber Says 'Something is Rotten' at Apple

Wednesday March 12, 2025 7:39 pm PDT by
Daring Fireball's John Gruber today shared some strongly-worded comments about Apple's delayed personalized Siri features. Gruber is a well-known Apple pundit who has been writing about the company for more than two decades. In a blog post titled "Something Is Rotten in the State of Cupertino," Gruber said Apple's credibility has been "damaged" by the delay:Keynote by keynote, product by...
Read Full Article608 comments
airpods pro 2 gradient

AirPods Pro 3 Launch Now Just Months Away: Here's What We Know

Tuesday March 11, 2025 3:26 am PDT by
Despite being released over two years ago, Apple's AirPods Pro 2 continue to dominate the wireless earbud market. However, with the AirPods Pro 3 expected to launch in 2025, anyone thinking of buying Apple's premium earbuds may be wondering if the next generation is worth holding out for. Apart from their audio and noise-canceling performance, which are generally regarded as excellent for...
Read Full Article47 comments
Apple Maps vs Google Maps Feature

iOS 18.4 Adds a Highly-Requested Setting to iPhones — But Not in U.S.

Wednesday March 12, 2025 1:05 pm PDT by
iPhones are finally getting a much-requested setting, but availability is limited. The upcoming iOS 18.4 update introduces an option to set a default navigation app, other than Apple Maps, but unfortunately this new setting is limited to users in the EU. There, you can now set an app like Google Maps or Waze as your default navigation app on the iPhone by opening the Settings app and tapping ...
Read Full Article117 comments
iphone 17 pro asherdipps

iPhone 17 Pro Max Rumors Allegedly Refer to 'iPhone 17 Ultra' Model

Friday March 14, 2025 7:56 am PDT by
If you've been following iPhone rumors over the last few years, you may remember reading reports that Apple flirted with the idea of introducing a super high-end "Ultra" model that would either replace its Pro Max device or sit above it in Apple's smartphone hirearchy. These reports appeared in the pre-launch iPhone 15 and iPhone 16 rumor cycles, but ultimately came to nothing. Now though, the...
Read Full Article140 comments
iPhone 17 Pro Render Front Page Tech

iPhone 17 Pro Machined Parts Leak Reflects Camera Redesign Rumors

Thursday March 13, 2025 3:07 am PDT by
Apple's upcoming iPhone 17 Pro models are expected to feature a significant design overhaul, and a new image apparently taken on an assembly line for the unreleased devices appears to confirm the biggest rumored change. Render of an iPhone 17 Pro model shared by Jon Prosser The iPhone 17 Pro and iPhone 17 Pro Max are rumored to adopt a horizontal camera bar reminiscent of Google's Pixel...
Read Full Article87 comments
Generic iOS 19 Feature Mock Light

iOS 19 Will Bring Biggest Design Overhaul Since iOS 7

Monday March 10, 2025 12:17 pm PDT by
Apple is planning for a major design overhaul of the iPhone, iPad, and Mac interfaces with the introduction of iOS 19, iPadOS 19, and macOS 16 later this year, reports Bloomberg. The update will "fundamentally change" the look of Apple's operating system, introducing a more consistent cross-platform experience. Apple plans to update the style of icons, menus, apps, windows, and system...
Read Full Article260 comments
Sad Siri Feature

Kuo: Apple Knows Apple Intelligence is 'Underwhelming' and Won't Drive iPhone Upgrades

Thursday March 13, 2025 9:32 am PDT by
The Apple Intelligence features that Apple introduced with iOS 18 are not pushing people to upgrade their iPhones, Apple analyst Ming-Chi Kuo reiterated today. Apple's recent Siri failures are also going to have an impact on 2025 iPhone shipments, which the market is beginning to realize. As early as last July, Kuo said expectations that Apple Intelligence could drive iPhone upgrades were...
Read Full Article291 comments
Sad Siri Feature

Kuo: Cook Should Personally Address Siri Apple Intelligence Failure

Thursday March 13, 2025 4:02 pm PDT by
Apple made a major misstep with the way that it handled the delay of Apple Intelligence features for Siri, Apple analyst Ming-Chi Kuo said today. Announcing the delay through a press statement was a bad decision, and Apple should instead have gone through official channels. Kuo referenced the well-known "Antennagate" PR crisis when the iPhone 4 launched in 2010, and the way that then Apple...
Read Full Article430 comments

Top Rated Comments

radioisotope Avatar
radioisotope
102 months ago
Lets face it people, no data truly gets deleted. If you're really concerned about privacy, dont use any electronic device.
Score: 20 Votes (Like | Disagree)
Alrescha Avatar
Alrescha
102 months ago
Elcomsoft is desperately trying to make a feature look like a flaw.

I suggest that Apple's intent is to let customers know that they have a *minimum* of thirty days to change their mind about deleting a note. To turn this around and try to claim that it is a guarantee that deleted notes will be purged at the thirty-day mark is a stretch.

It is perfectly reasonable to interpret "after thirty days" as "no sooner than thirty days".

A.
Score: 9 Votes (Like | Disagree)
robeddie Avatar
robeddie
102 months ago
Does everyone interested in privacy now realize they just need to buy a bigass hard drive and skip all this cloud crap?
Score: 8 Votes (Like | Disagree)
ywshang Avatar
ywshang
102 months ago
Come on. In today's OS terminology, "permanently deleted" only means the file is marked as disposable and MAY be destroyed if space is needed. It's is called "permanently deleted" only because theoretically speaking there is no guaranteed-to-work method to recover them. Given that the hard disks are getting so cheap these days, most likely none of those cloud servers of any company has ever deleted a single byte at all.
Score: 8 Votes (Like | Disagree)
KALLT Avatar
KALLT
102 months ago
Lets face it people, no data truly gets deleted. If you're really concerned about privacy, dont use any electronic device.
No, this is why you don’t entrust cloud services with your data. Deleting such data is in most cases an afterthought for these developers. It is far easier to just flip a switch and hide the content from the user interface than to actually purge data from a database. Even if there is no malicious intent, there are several technical reasons why this doesn’t happen.

iCloud in particular is a massive blackbox with tons of irregularities and disappointments like this one. I don’t touch it anymore.
Score: 6 Votes (Like | Disagree)
LordQ Avatar
LordQ
102 months ago
Nice, any software like this but with photos?
Score: 4 Votes (Like | Disagree)
Read All Comments