"A small question: what if Saferoom would ask you to let it read only the notes that Saferoom has created? The permissions would be the same (read full notes), but only those created by Saferoom?"
This would be a step in the right direction, I think, but it doesn't totally solve the issue. Even if Saferoom only had access to certain notes, the notes in question would be precisely those notes that I want to keep most secure.
"Because to work with encrypted notes Saferoom needs to read them obviously."
It depends what you mean by "Saferoom" in this sentence. If by "Saferoom" you are referring only to the Saferoom app/software that is located entirely on my iOS device and nowhere else, then yes, I understand that "Saferoom" needs access to my notes in order to encrypt them. But if "Saferoom" means anything more than that (e.g., the Saferoom company, the company's servers, etc.), then it's not true that "Saferoom" needs access in order to function and encrypt notes.
So perhaps the problem is that when Evernote asks me to grant access to "Saferoom" to retrieve all my notes, it does not specify that I'm only granting access to the one individual installation of the Saferoom app that exists on my phone. It sounds like I'm giving the company access, and I don't want to give the company access. Of course, once the data is in your app, your company might have the ability to access it regardless of what I tell Evernote. At some point, I would just have to trust you. But I'd rather not try to increase my security by "just trusting" yet another company with my data. Better to limit the apps (and companies) that can access the data, where possible. So maybe there is no solution....
Thanks for engaging with me on this.