Options to protect mobile data - just some thoughts in Off Topic Discussion Posted September 9, 2017 So, it looks like Experian just allowed criminals to access the complete database of fraud-ready information (SSN, addresses, DOB, financial history) of every single adult American with a credit history, and a yet unknown number of Brits. The best thing is, unless the financial industry completely changes the way things are done, that data can be used 5, 10, 15 years from now. This highlights the importance of users at least trying to protect whatever data they can. Assuming they put data that needs to be protected out in the cloud (some of us have to). And the data must be accessible cross-platform and on mobile devices, and the protection mechanism should be convenient enough that you actually use it. So, looking at the options: Protecting data in the databanking app (Evernote, Onenote, Drives etc) This is, unfortunately, the least developed part. Evernote doesn't have any native way to encrypt data on mobile devices, and none on the web platform that I could find. And there seems to be no way to encrypt attachments. There's Saferoom but it hasn't been around very long, it's a closed source app maintained by relatively unknown developers and I couldn't find any data on whether it passed any security audits; you just have to trust that they implemented the encryption standard correctly, with no exploits, bugs, or government mandated backdoors (not sure how that works in Putin's Russia where the developers are located). Onenote has AES126 encryption for sections, which is fairly easy to use with TouchID. It's also the only system I can think of that allows you to search in encrypted notes on mobile once the section is opened. However, Microsoft themselves warn users to not store any really sensitive data in it; while this may be a CYA statement, it does make one wonder... Apple Notes has fairly sophisticated encryption - from the articles I read, you must be a high profile target for someone with enough resources to try and crack your account. But AN is woefully platform-centric, basically unless you use Apple, forget about adding any attachments on the desktop. Protecting data independently of storage providers - this could be the best way to do it, since it gives you total flexibility. Using the built in encryption in Office and PDF files - AFAIK, and based on what I read, Office is finally at the point where it has strong encryption, although how strong their implementation really is - still not sure. And PDF encryption is considered to be pretty strong (with a proper length random password). The PITA here is having to type the password every time you open a document, and also the file names are unencrypted. Using AES encrypted ZIP files. This is probably the easiest way to store tons of data that you don't intend to edit often, especially for people less inclined to learn new apps. However, ZIP format itself is extremely insecure - a file encrypted in a ZIP container can be deleted and replaced with another file having the same exact name, without breaking the encryption. So the bad guys may not read your data, but they can still leave you a nasty trojan made to look like your data. For the people storing their data in one of the cloud drives, there's Cryptomator (which is what I currently use). It protects the files and you can mount it as a separate folder so you don't have to encrypt / decrypt files individually. However, there's no search on mobile. And editing a document on iOS is a multi-step process (export /edit / re-import / delete the unencrypted file). Also I don't think it will work with Evernote or Onenote or any other "wrapper" style system. There's a number of a 3rd party tools that will individually encrypt your files. But I don't trust most of the unknown ones. AESCrypt is well known and has been around for ever, but it's not well suited for working with a large number of files on mobile. No TouchID support, if you want to edit your file it must be imported in, unencrypted, exported out to your editing app, imported back into AESCrypt, and re-encrypted with entering the password twice. All of this could be sped up / automated fairly easily via some interface changes, e.g. specifying a session password and using TouchID to decrypt and encrypt, and specifying the default export location for encrypted files, but so far the developer is not in any rush to do it. Also, it can't be used for web access from a trusted computer that doesn't have it installed (e.g. from work) since there's no portable Windows version. Finally, there's encrypted storage like SpiderOak, Wuala etc - I am not using it so can't say much about this. So, what is everyone else using ?