The Hidden Privacy Risk in Note-Taking Apps

Filed under Privacy Research on

This is the first in a series of posts about common but largely unknown privacy risks.

People are doing more than ever to protect their privacy, but not every privacy risk is explained in the news. This series highlights some of the lesser-known though commonly encountered privacy risks, and explains what you can do to protect yourself.

First up: Saving private information to an unencrypted note-taking app.

Note-taking apps have become a welcome replacement for post-it notes. People frequently use them for quick to-do and grocery shopping lists, but they’re also often used to store more private information.

Our survey of 1,029 American adults found almost half (45.3% ±3.1) have saved one or more of the following in a note-taking app: usernames, passwords, social security number, credit card information, and security or PIN codes.

That’s alarming given that many note-taking apps aren’t encrypted by default! Encryption is a process that scrambles text data, rendering it unreadable by anyone who doesn’t have the key (usually a password or passphrase). This means that apps that don't encrypt your notes by default leave them vulnerable to hacking by people who can access your device or the login credentials for your note-taking app. Hackers could even see the content of your notes by spying on your network, if the note-taking app has a sync function with no encryption.

Most people (58.2% ±3.1) were not aware that many notes apps don’t encrypt notes by default 😬.

Pie chart depicting awareness of the privacy risk of note-taking apps
Answer Options Percentage of Respondents
Yes, I was aware 34.48%
No, I was not aware 58.24%
I'm not sure 7.28%

The Solutions:

1) Be wary of storing sensitive information in unencrypted notes. This zero-tolerance approach will help safeguard your information.

And, if you are using a note-taking app to store username and passwords, please stop 🙅. Switch over to a proper password manager instead, like Dashlane, 1Password, or LastPass, which prioritize encrypting sensitive data by default. When you do, also be sure to enable two-factor authentication (2FA) to defend against data leaks.

2) If you’re open to changing note-taking app providers, consider more secure options like Standard Notes, or Joplin, both of which offer end-to-end encryption and are available for iOS, Mac, Android, Windows, and Linux.

3) If you plan to continue using your current note-taking app, take the time to enable optional encryption on any text that contains sensitive information. Below we've outlined encryption options available on the most frequently used note-taking apps:

  • On Evernote, users can "encrypt the text content in a note", although it only offers this if you are using the Evernote desktop client on Windows or Mac and doesn't currently allow encryption of an entire note or notebook.
  • On Apple Notes, users can encrypt entire notes on any iOS or Mac device.
  • On Microsoft OneNote, users can encrypt sections of notes on Windows, Mac, and iOS devices.
  • On Bear, iOS and Mac users can encrypt individual notes. However, this feature is only available with Bear Pro.

4) Lastly, consider encrypting all of your device data with our step-by-step guide to encrypting iOS, Mac, Android, and Windows devices. This can protect the contents of your devices should they end up in the wrong hands.


Methodology

These results are based on the polling of a random sample of 1,029 (January 2020) American adults (18+) via SurveyMonkey’s “Audience” platform, which ensures the demographic make-up of respondents is representative of the U.S. population. Survey respondents were paid and a confidence level of 95% was used for calculating the values above.

If you’re eager to read part two of this series, follow us on Twitter, or sign up for our privacy newsletters for our latest updates.

The Hidden Privacy Risk in Note-Taking Apps
Share this