Codebook, King of iOS Encrypted Note Apps

There's nothing that makes an aging ex-security geek's heart go pitter-pat like the idea of a securely encrypted notepad. It's not just about passwords - sometimes, client information, config files, and so on, have information that you do not want on your mobile device without very strong protection. But amazingly, the iPhone, iPad, and iPod have very few options. Here's how they stack up.

Jonathan Feldman, CIO, City of Asheville, NC

March 13, 2011


My conclusion, after playing with these apps extensively: Out of the three apps available for iOS, Codebook is the encrypted note app I've been waiting for. So, I'll compare Codebook, below, with the other two note-taking apps that offer encryption, PrivateNotes and Note Printer. Again, I don't count password keeper programs that offer note fields. Those are NOT note-taking apps.

Encryption quality.

I was a user of CryptoPad on the Palm platform, and appreciated that it had peer-reviewed source code available. (As we all know, peer review is how you can tell that an implementation is really secure - security through obscurity is a horrible idea in the crypto world.) Neither PrivateNotes nor Note Printer offers source code or significant details about its crypto. "AES" is about all you hear. Boy, there are a lot of ways to screw that up.

Codebook uses SQLCipher as its encrypted database back-end (it's a fork of the well-known and much-used SQLite project that incorporates the open source OpenSSL library). In an embarrassing display of geekery, I was able to download the SQLCipher source code, compile it, and then take the Codebook database and decrypt it on my laptop. This verified that this was indeed the code being used on the iPhone app. Point being, what is claimed is what is actually offered. Right on.
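The verification described above can be approached from two sides, sketched here as an added example (not code from the article or from Zetetic). It goes slightly beyond the article's decrypt test by first checking from the outside that the file has no plaintext SQLite header (a default SQLCipher file begins with a random salt) and near-random entropy, then trying to open it with a locally built shell. The binary name `sqlcipher` on PATH and the sample files are assumptions; the samples are constructed, not a real Codebook database.

```python
import math
import os
import shutil
import sqlite3
import subprocess
from collections import Counter

SQLITE_MAGIC = b"SQLite format 3\x00"  # first 16 bytes of any plaintext SQLite file

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: close to 8.0 for ciphertext, far lower for plaintext pages."""
    counts = Counter(data)
    return -sum(n / len(data) * math.log2(n / len(data)) for n in counts.values())

def looks_encrypted(path: str, sample: int = 65536, threshold: float = 7.5) -> bool:
    """Outside-in check: no SQLite magic header and a near-random byte distribution."""
    with open(path, "rb") as fh:
        data = fh.read(sample)
    if not data or data.startswith(SQLITE_MAGIC):
        return False
    return shannon_entropy(data) >= threshold

def opens_with_key(path: str, passphrase: str):
    """Inside-out check using an independently built sqlcipher shell.
    Returns None when no `sqlcipher` binary is on PATH (assumed binary name)."""
    exe = shutil.which("sqlcipher")
    if exe is None:
        return None
    quoted = passphrase.replace("'", "''")
    sql = f"PRAGMA key = '{quoted}';\nSELECT count(*) FROM sqlite_master;\n"
    # The key goes over stdin, not argv, so it never shows up in the process list.
    proc = subprocess.run([exe, path], input=sql, capture_output=True, text=True)
    return proc.returncode == 0 and "error" not in proc.stderr.lower()

def make_samples(workdir: str):
    """Constructed samples: a real plaintext SQLite file and a random-bytes
    stand-in for an encrypted export."""
    plain = os.path.join(workdir, "plain.db")
    con = sqlite3.connect(plain)
    con.execute("CREATE TABLE notes (id INTEGER PRIMARY KEY, body TEXT)")
    con.execute("INSERT INTO notes (body) VALUES ('client config goes here')")
    con.commit()
    con.close()
    opaque = os.path.join(workdir, "opaque.db")
    with open(opaque, "wb") as fh:
        fh.write(os.urandom(8192))
    return plain, opaque
```

High entropy alone only shows the file is not plaintext; successfully reading `sqlite_master` with the right passphrase is what ties the file to SQLCipher's documented format.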

Backups / Export.

I was able to grab the Codebook database to monkey around with it through its integration with Dropbox. Naturally, it would be nice to see more options such as WebDAV, but Dropbox is free, so it's hard to argue with "only one option." PrivateNotes offers export via unencrypted email. Someone else might make a sarcastic comment like, "what a great idea that is," but I'll hold back. Or not. NotePrinter uses the WePrint remote sharing software on your Mac or PC, which is probably fine for a lot of uses, but the database is not encrypted on the PC end.

Features & Bugs.

Codebook crashed on one of my devices and I couldn't get it to work again until I deleted it and reinstalled it. Also, if you change your password, you can never sync again with Dropbox until you erase the copy of the database on the server (which will force Codebook to re-create it on the server). Unless you do this, you will crash during sync, presumably because without the right key, the database looks like random-data chutney to Codebook.

There's no autocorrect. The folks at Zetetic, who make Codebook, told me that this is because they want to be conservative about what ends up in the iOS auto-correct database, which is not encrypted. Fair enough. I still wish there was an option for autocorrect, but hopefully not a feature as poorly implemented as NotePrinter's. NotePrinter tries to have a bunch of autocorrect dictionaries, and doesn't use the iPhone's native autocorrect library, with the result that it's the slowest text entry ever. When I use an external Bluetooth keyboard to type into NotePrinter, it misses about every other character due to its slowness.

There are also no categories. I wish there were, but I also understand that most folks think: how many encrypted notes do you really have to have? If I were still a security engineer, though, I might want a category for each of my clients' information.

Zetetic did a really good job on this app. It's the one to get if you're looking for secure notes on an iOS platform.

About the Author

Jonathan Feldman

CIO, City of Asheville, NC

Jonathan Feldman is Chief Information Officer for the City of Asheville, North Carolina, where his business background and work as an InformationWeek columnist have helped him to innovate in government through better practices in business technology, process, and human resources management. Asheville is a rapidly growing and popular city; it has been named a Fodor top travel destination, and is the site of many new breweries, including New Belgium's east coast expansion. During Jonathan's leadership, the City has been recognized nationally and internationally (including the International Economic Development Council New Media, Government Innovation Grant, and the GMIS Best Practices awards) for improving services to citizens and reducing expenses through new practices and technology.  He is active in the IT, startup and open data communities, was named a "Top 100 CIO to follow" by the Huffington Post, and is a co-author of Code For America's book, Beyond Transparency. Learn more about Jonathan at Feldman.org.
