If you’re an iOS user who uses their emails to send encrypted attachments often, or need that kind of security for your job, it seems that you might want to consider putting a stop on sending emails from your phone, at least for now. This is because of a bug in iOS 7 which apparently no longer encrypts email attachments. This is despite the “Data Protection” feature for iOS 7 being enabled, it has been discovered by security researchers that it no longer seems to be functioning and is no longer properly encrypting data.
Apple’s “Data Protection” feature for email attachments in iOS 7 no longer appears to be functioning properly. Security researchers have tested the feature, as well as examined the data stored on the phone, and have discovered that while the feature is on, it appears to be no longer properly encrypting data. Researcher Andreas Kurtz discovered the issue. He claims that he “verified this issue by restoring an iPhone 4 (GSM) device to the most recent iOS versions (7.1 and 7.1.1) and setting up an IMAP email account, which provided me with some test emails and attachments.” Following initial test configuration, Kurtz “shut down the device and accessed the file system using well-known techniques (DFU mode, custom ramdisk, SSH over usbmux). Finally, I mounted the iOS data partition and navigated to the actual email folder.” Files examined weren’t encrypted at all.