S/MIME encrypted e-mails stored on macOS in plain text

If you need a little more security for your email communication, you might additionally encrypt your mails. In that case you should know that macOS still stores those mails in plain text.

(via ifun)

Normally the transmission path of the email is encrypted via SSL. Nobody can access the mail from the outside, but the provider can. If you want to be sure that the mail is unreadable before it leaves the mail program, you can use S/MIME encryption. Apple even explains how to set this up on computers with macOS or devices with iOS.


macOS stores S/MIME encrypted mails in plaintext

Many will not take this extra effort, but those who do probably have a good reason for it. To them it should be said: macOS saves the mails in plain text anyway, which undermines the security benefit a bit.

Siri needs to evaluate the mails in plaintext.

IT specialist Bob Gendler came across this fact because he wanted to find out how Siri could, for example, suggest the right contact information on a Mac. The process responsible for this is suggestd, which is part of the system-wide LaunchAgent com.apple.suggestd. It in turn evaluates several databases to make the right suggestions, including ones containing email, and these are not stored encrypted.

Due to this circumstance, the confidentiality of the whole system is void. Not only is the information in the text part of the e-mail freely accessible, but so is the sender or addressee, which in some cases may be even more important.

Switching off the problem via a specific option.

You can disable this behavior in System Preferences > Siri > Siri Suggestions & Privacy by removing the checkmarks there. Important: if you get the idea to disable Siri completely, it won't help; you have to disable the email option specifically.

If you have several Macs to manage or would rather work on the command line, we refer you to the original article, which also offers a configuration profile for download that solves this problem.


Apple doesn’t care

Apple has been aware of this problem since 29 July, reacted after 99 days (!) and gave Bob Gendler the tip to switch off the function as described above. In macOS, however, this circumstance has not been corrected to this day. As usual, we advise you to be cautious with promises to protect your privacy. That protection is not really given with Siri commands, and it is not given with encrypted email communication either. Maybe Apple thinks that the emails under Catalina will be deleted anyway.

Privacy under macOS attackable.

These gaps are common in large companies, but we are constantly told by Apple how much they take care of us and our data. However, the marketing budget seems to be a bit higher than the one for the boys and girls to actually make the promise come true. More tips from us for the Apple ecosystem can be found here.
