Software // Information Management
Commentary
3/13/2011
10:17 PM
Connect Directly
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Codebook, King of iOS Encrypted Note Apps

There's nothing that makes an aging ex-security geek's heart go pitter-pat like the idea of a securely encrypted notepad. It's not just about passwords - sometimes, client information, config files, and so on, have information that you do not want on your mobile device without very strong protection. But amazingly, the iPhone, iPad, and iPod have very few options. Here's how they stack up.

There's nothing that makes an aging ex-security geek's heart go pitter-pat like the idea of a securely encrypted notepad. It's not just about passwords - sometimes, client information, config files, and so on, have information that you do not want on your mobile device without very strong protection. But amazingly, the iPhone, iPad, and iPod have very few options. Here's how they stack up.

My conclusion, after playing with these apps extensively: Out of the three apps available for iOS, Codebook is the encrypted note app I've been waiting for. So, I'll compare Codebook, below, with the other two note taking apps that offer encryption, PrivateNotes and Note Printer. Again, I don't count password keeper programs that offer note fields. Those are NOT note taking apps.

Encryption quality.

I was a user of CryptoPad on the Palm platform, and appreciated that it had peer-reviewed source code available. (As we all know, peer-review is how you can tell that an implementation is really secure - security through obscurity is a horrible idea in the crypto world.) Neither PrivateNotes nor Note Printer offer source code or significant details about their crypto. "AES" is about all you hear. Boy, there are a lot of ways to screw that up.

Codebook uses sqlcipher as its encrypted database back-end (it's a fork of the well-known and much-used sqlite project that incorporates the open source openssl library). In an embarrassing display of geekery, I was able to download the sqlcipher source code, compile it, and then take the Codebook database and decrypt it on my laptop. This verified that this was indeed the code being used on the iPhone app. Point being, what is claimed is what is actually offered. Right on.

Backups / Export.

I was able to grab the Codebook database to monkey around with it through its integration with Dropbox. Naturally, it would be nice to see more options such as WebDav, but Dropbox is free, so it's hard to argue with "only one option." Private Notes offers export via unencrypted email. Someone else might make a sarcastic comment like, "what a great idea that is," but I'll hold back. Or not. NotePrinter uses the WePrint remote sharing software on your Mac or PC, which is probably fine for a lot of uses, but, the database is not encrypted on the PC end.

Features & Bugs.

Codebook crashed on one of my devices and couldn't get it to work again until I deleted it and reinstalled it. Also, if you change your password, you can never sync again with Dropbox until you erase the copy of the database on the server (which will force Codebook to re-create it on the server). Unless you do this, you will crash during sync, presumably because without the right key, the database looks like random-data chutney to Codebook.

There's no autocorrect. The folks at Zetetic, who make Codebook, told me that this is because they want to be conservative about what ends up in the iOS auto-correct database, which is not encrypted. Fair enough. I still wish there was an option for autocorrect, but hopefully not a feature as poorly implemented as NotePrinter's. NotePrinter tries to have a bunch of autocorrect dictionaries, and doesn't use the iPhone's native autocorrect library, with the result that it's the slowest text entry ever. When I use an external bluetooth keyboard to type into NotePrinter, it misses about every other character due to its slowness.

There are also no categories. I wish there were, but I also understand that most folks think: how many encrypted notes do you really have to have? If I were still a security engineer, though, I might want a category for each of my clients' information, though.

Zetetic did a really good job on this app. It's the one to get if you're looking for secure notes on an iOS platform.

Comment  | 
Print  | 
More Insights
The Agile Archive
The Agile Archive
When it comes to managing data, donít look at backup and archiving systems as burdens and cost centers. A well-designed archive can enhance data protection and restores, ease search and e-discovery efforts, and save money by intelligently moving data from expensive primary storage systems.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest - September 10, 2014
A high-scale relational database? NoSQL database? Hadoop? Event-processing technology? When it comes to big data, one size doesn't fit all. Here's how to decide.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.