Usually this blog is about Wikimedia statistics. Today I need to digress. My favorite cross-platform archival system is the hugely popular Evernote. I use Evernote for all kinds of data and images, and love the product. So much so that I stored all kinds of (mildly) personal data there. No longer.
As a paying subscriber I get a few goodies, like setting a pin code. In fact, apart from the higher upload limit there are just a few of these goodies, so this pin code feature is prominently featured on their sign-up page, especially on iPad.
In July I stumbled upon a security flaw, and reported it first to the help desk (after all, as a paid subscriber I get ‘top priority support’). They confirmed the bug quickly and said they had reported it to the engineers. A lively debate on their support site followed, with an Evernote employee participating. 3.5 months, several small updates and one major new release later, the bug still stands.
So what is it about? On iOS devices one can circumvent the pin code simply and quickly. All that is needed is to remove the app and download it again. That takes less than a minute. Since iOS 6 no Apple password is needed for updates. ‘Remember Everything’ Evernote helpfully suggests reusing the existing account, but forgets that a pin code was set. Oops!
An Evernote employee responds as follows (paraphrasing; see the exact response here): it’s Apple’s fault, they changed their system; the iOS device has its own pin code, which one needs to bypass first; also, Evernote supports encryption, which makes this less of an issue.
Evernote, if you rely on the general iOS login code, why did you offer an extra pin code in the first place, and brag about it? Maybe some users prefer a short device login code to keep their daily news and amusement within easy reach, but treat Evernote as their trusted vault and use a more solid pin code there. Also, encryption support is minimal: only for plain text, not for scans, PDFs etc.
As much as I love your product, shouldn’t you care for your clients’ security before adding new goodies? How difficult can it be to either disable the import of stored account data, or remember the pin code as well?!
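One way an iOS app could implement the first of those two fixes, as an added illustration that is not Evernote’s code: the app’s own sandbox (including UserDefaults) is deleted together with the app, while keychain items survive a delete-and-reinstall, so a missing install marker reliably signals a fresh install, and any credentials left over from the previous install can be discarded before they are reused. The keychain service name and the UserDefaults key are assumptions for this example.

```swift
import Foundation
import Security

// Illustrative pattern only; not Evernote's code. The keychain service
// name and the UserDefaults key below are assumptions for this example.
let credentialService = "com.example.notes.credentials"   // assumed
let installMarkerKey = "com.example.notes.installMarker"  // assumed

/// Returns true the first time the current install runs.
/// UserDefaults lives in the app sandbox and is wiped when the app is
/// deleted; keychain items are not. That asymmetry is exactly what lets
/// a reinstalled app pick up the old login while its pin-code state is gone.
func isFreshInstall(defaults: UserDefaults = .standard) -> Bool {
    if defaults.bool(forKey: installMarkerKey) {
        return false
    }
    defaults.set(true, forKey: installMarkerKey)
    return true
}

/// Deletes every generic-password keychain item stored under the app's
/// credential service, so the previous install's session cannot be reused.
/// Returns true on success or when nothing was stored.
@discardableResult
func purgeStoredCredentials(service: String = credentialService) -> Bool {
    let query: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: service,
    ]
    let status = SecItemDelete(query as CFDictionary)
    return status == errSecSuccess || status == errSecItemNotFound
}

/// Call this early in application(_:didFinishLaunchingWithOptions:).
/// On a fresh install the user has to log in again, and the pin code is
/// set up together with the new session instead of being silently skipped.
func enforceLoginOnFreshInstall() {
    if isFreshInstall() {
        purgeStoredCredentials()
    }
}
```

The second fix the post suggests, keeping the pin-code state in the keychain next to the credentials so that both survive a reinstall or are removed together, uses the same service name with an additional keychain item.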