Hi everybody,
just bought the software today, the whole package (Mac, iPad, iPhone). According to the site, Tap Forms allows you to encrypt your entire database. However, it turns out that the encryption is just local, and if you use iCloud to sync your database it is sent unencrypted (or, maybe, encrypted on the basis of your iCloud password, if I understand correctly what the developer has stated on this forum).
I experienced the surreal situation first-hand today when, after having created an encrypted database on my Mac, I enabled iCloud sync and found my database, completely in the clear, on my iPad, without any need for the encryption key i had set on my Mac.
If this is the case, it seems to me an extremely poor solution, badly thought out and badly explained on the site. The purpose of creating your own encryption key is exactly to put your files encrypted with it on remote locations, like iCloud.
Color me very disappointed, unless I understood something wrong.
V
Hi V,
Tap Forms does encrypt the data sent to iCloud using the same AES encryption as the local database. It just uses a random key with an algorithm so the other side can decrypt it. I plan on adding an additional encryption key just for the iCloud bits in a future update.
Thanks!
Brendan
Thanks for your answer. It seems to me, however, to confirm precisely that there is a problem here. If the data are sent to iCloud with a key that other devices can automatically recreate, the key is by definition not secret, and the encryption useless.
I think it would be much more prudent, at the moment, to avoid touting Tap Forms as a “secure” database. At the very least, the details of its encryption implementation should be clearly indicated.
.
