Apple Mail on macOS leaves parts of encrypted emails in plaintext

apple-mail-encrypted-issue.jpg
Image: Bob Gendler

The Apple Mail app on macOS stores encrypted emails in plaintext inside a database called snippets.db.

The issue was discovered earlier this year by an Apple IT specialist named Bob Gendler.

The issue is not fixed at the time of writing, although Gendler told the company about it back in July. A fix is coming, according to tech news site The Verge; however, Apple did not provide a timeline.

Apple Mail + Siri = bad

The bug occurs because of a Siri feature that allows Apple’s voice assistant to provide information for contacts, following an owner’s request.

According to Gendler, Siri uses a process called “suggestd” to scrape various apps for contact information. Whatever it finds, it stores inside the snippets.db file, where it keeps the data on hand, in case the user ever wants a contact suggestion.

Over the summer, Gendler discovered that if users had configured Apple Mail to send and receive encrypted email, Siri would collect a plaintext version of the user’s emails, and store them inside this database.

“This is a big deal. This is a big deal for governments, corporations and regular people who use encrypted email and expect the contents to be protected,” Gendler said in a blog post published this week.

“Secret or top-secret information, which was sent encrypted, would be exposed via this process and database, as would trade secrets and proprietary data,” he said.

How to prevent Siri from scraping your emails

Gendler says the issue was present on all macOS versions from Sierra to the latest Catalina.

The Mac IT expert says that disabling Siri doesn’t do anything, as the “suggestd” process keeps scraping emails to have them ready the next time Siri was enabled.

The only way to prevent Siri from scraping encrypted emails is to specifically tell it not to read content from Apple Mail.

“There are 3 ways to disable these processes from learning from Apple Mail,” Gendler said. They are:

1) Go to System PreferencesSiriSiri Suggestions & Privacy, and then uncheck the box for Apple Mail.

2) Run from the Mac Terminal the following command (as a normal user, no admin access needed):

defaults write com.apple.suggestions SiriCanLearnFromAppBlacklist -array com.apple.mail

3) Deploy a System-Level (for all users) configuration profile to turn off Siri from learning from Apple Mail.

Gendler said the third option is permanent, as a future OS update won’t accidentally re-enable Siri’s email scraping.

A final step, Gendler said, is to remove the snippets.db file. Telling Siri to stop scraping Apple Mail content doesn’t automatically delete this file, so users will need to do it themselves. The file is located in “/Users/(username)/Library/Suggestions/”.

About the author

E-Crypto News was developed to assist all cryptocurrency investors in developing profitable cryptocurrency portfolios through the provision of timely and much-needed information. Investments in cryptocurrency require a level of detail, sensitivity, and accuracy that isn’t required in any other market and as such, we’ve developed our databases to help fill in information gaps.

Related Posts

E-Crypto News Executive Interviews



bitcoin
Bitcoin (BTC) $ 62,393.00
ethereum
Ethereum (ETH) $ 4,334.62
binance-coin
Binance Coin (BNB) $ 496.91
tether
Tether (USDT) $ 1.02
cardano
Cardano (ADA) $ 2.04
solana
Solana (SOL) $ 200.99
xrp
XRP (XRP) $ 1.08
polkadot
Polkadot (DOT) $ 43.36
dogecoin
Dogecoin (DOGE) $ 0.312963
shiba-inu
Shiba Inu (SHIB) $ 0.000068
USD
EUR
GBP
bitcoinBitcoin (BTC)
$ 62,393.00
ethereumEthereum (ETH)
$ 4,334.62
tetherTether (USDT)
$ 1.02
bitcoin-cashBitcoin Cash (BCH)
$ 594.13
litecoinLitecoin (LTC)
$ 195.78
bitcoinBitcoin (BTC)
53.771,22
ethereumEthereum (ETH)
3.735,64
tetherTether (USDT)
0,879051
bitcoin-cashBitcoin Cash (BCH)
512,03
litecoinLitecoin (LTC)
168,73
bitcoinBitcoin (BTC)
45,369.07
ethereumEthereum (ETH)
3,151.92
tetherTether (USDT)
0.741693
bitcoin-cashBitcoin Cash (BCH)
432.02
litecoinLitecoin (LTC)
142.36

Automated trading with HaasBot Crypto Trading Bots

Crypto Scams

Behind The Scenes: How this Crypto Community Responded to + $50m Hack
October 18, 2021
Crypto Scams
Crypto Scams Still Persistent In 2021, SEC Warns About Red Flags To Watch
September 9, 2021
Poly Network
Here’s How Hackers Stole Over $600 million in the Poly Network Attack
August 12, 2021
The World’s Most Infamous Crypto Hacks and Scams
July 31, 2021
Cryptocurrency Exchanges
Cryptocurrency Exchanges and the Plague of Scams and Bans
June 29, 2021

Blockchain/Cryptocurrency Questions and Answers

Bitcoin's Popularity
Top Reasons Why Bitcoin’s Popularity is Growing
October 28, 2021
Ethereum
Everything You Ever Wanted To Know About Ethereum
October 28, 2021
Top 5 Crypto Funds You Should Definitely Follow Too
October 28, 2021
ICo Presale
The Science Behind ICO Presales…
October 14, 2021
Beginner’s Guide to Investing in Cryptocurrency
August 9, 2021


CryptoCurrencyUSDChange 1hChange 24hChange 7d
Bitcoin61,823 1.22 % 5.06 % 6.67 %
Ethereum4,269.9 0.52 % 7.49 % 2.39 %
Binance Coin493.51 0.64 % 9.50 % 1.91 %
Tether0.9986 0.03 % 0.08 % 0.23 %
Cardano2.020 0.42 % 4.58 % 7.98 %
Solana199.16 0.67 % 6.20 % 13.42 %
XRP1.070 0.40 % 6.20 % 6.52 %
Polkadot30.87 2.19 % 17.29 % 10.73 %
Dogecoin0.3018 3.10 % 26.42 % 18.58 %
Shiba Inu0.00006535 3.89 % 15.99 % 123.48 %

bitcoin
Bitcoin (BTC) $ 62,393.00
ethereum
Ethereum (ETH) $ 4,334.62
binance-coin
Binance Coin (BNB) $ 496.91
tether
Tether (USDT) $ 1.02
cardano
Cardano (ADA) $ 2.04
solana
Solana (SOL) $ 200.99
xrp
XRP (XRP) $ 1.08
polkadot
Polkadot (DOT) $ 43.36
dogecoin
Dogecoin (DOGE) $ 0.312963
shiba-inu
Shiba Inu (SHIB) $ 0.000068