Apple Mail Stores Encrypted Emails in Plain Text Database, fix included!

UPDATE: 2/4/2020 — the 10.15.3 update released on January 28th fixes the issue; suggestd no longer learns from encrypted messages, regardless of whether Siri and Siri Suggestions are enabled. https://medium.com/@boberito/apple-mail-encryption-bug-fixed-d10f7395352e

1. System Preferences → Siri → Siri Suggestions & Privacy → Uncheck the boxes for Apple Mail.

2. As the user, without elevated privileges, you can run this command in Terminal to stop Siri from learning from Apple Mail.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>PayloadContent</key>
    <array>
        <dict>
            <key>PayloadContent</key>
            <dict>
                <key>com.apple.suggestions</key>
                <dict>
                    <key>Forced</key>
                    <array>
                        <dict>
                            <key>mcx_preference_settings</key>
                            <dict>
                                <key>SiriCanLearnFromAppBlacklist</key>
                                <array>
                                    <string>com.apple.mail</string>
                                </array>
                            </dict>
                        </dict>
                    </array>
                </dict>
            </dict>
            <key>PayloadEnabled</key>
            <true/>
            <key>PayloadIdentifier</key>
            <string>MCXToProfile.85654d27-2ffe-4ee5-8ae3-ac63864d6bf3.alacarte.customsettings.73a7cb5a-550b-473d-a191-b8ec261302bd</string>
            <key>PayloadType</key>
            <string>com.apple.ManagedClient.preferences</string>
            <key>PayloadUUID</key>
            <string>73a7cb5a-550b-473d-a191-b8ec261302bd</string>
            <key>PayloadVersion</key>
            <integer>1</integer>
        </dict>
    </array>
    <key>PayloadDescription</key>
    <string>Disable Apple Mail Siri Suggestions</string>
    <key>PayloadDisplayName</key>
    <string>Disable Siri Suggestions</string>
    <key>PayloadIdentifier</key>
    <string>suggestd</string>
    <key>PayloadOrganization</key>
    <string></string>
    <key>PayloadRemovalDisallowed</key>
    <true/>
    <key>PayloadScope</key>
    <string>System</string>
    <key>PayloadType</key>
    <string>Configuration</string>
    <key>PayloadUUID</key>
    <string>85654d27-2ffe-4ee5-8ae3-ac63864d6bf3</string>
    <key>PayloadVersion</key>
    <integer>1</integer>
</dict>
</plist>
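Before pushing a profile like the one above to a fleet, it is worth checking that it actually carries the setting that keeps suggestd away from Mail, and that it carries it in a way a user cannot undo. The following checker is an added example written for this post, not code from the post or from Apple: it rebuilds the profile above as a Python dict (UUIDs and payload keys copied from the plist), serialises it with the standard library's plistlib, and then inspects the result for the com.apple.suggestions / SiriCanLearnFromAppBlacklist entry. The checks for a System scope, PayloadRemovalDisallowed, and a Forced (rather than Set-Once) MCX level are my own choices; Set-Once is the MCX level that only seeds a default the user can later change.

```python
"""Validate a macOS configuration profile that blocks suggestd from learning from Mail.

Added example for this post; the profile dict below mirrors the plist in the post,
the checks themselves are assumptions about what a careful admin would want.
"""
import plistlib

SUGGESTIONS_DOMAIN = "com.apple.suggestions"
BLOCKLIST_KEY = "SiriCanLearnFromAppBlacklist"
MAIL_BUNDLE_ID = "com.apple.mail"
MCX_PAYLOAD_TYPE = "com.apple.ManagedClient.preferences"


def build_profile(blocked_apps, management="Forced"):
    """Construct the profile from the post as a dict (UUIDs copied from the post's plist).

    `management` is the MCX level: "Forced" (cannot be changed by the user) or
    "Set-Once" (seeded once, then editable by the user).
    """
    inner_uuid = "73a7cb5a-550b-473d-a191-b8ec261302bd"
    outer_uuid = "85654d27-2ffe-4ee5-8ae3-ac63864d6bf3"
    return {
        "PayloadContent": [{
            "PayloadContent": {
                SUGGESTIONS_DOMAIN: {
                    management: [{"mcx_preference_settings": {BLOCKLIST_KEY: list(blocked_apps)}}]
                }
            },
            "PayloadEnabled": True,
            "PayloadIdentifier": f"MCXToProfile.{outer_uuid}.alacarte.customsettings.{inner_uuid}",
            "PayloadType": MCX_PAYLOAD_TYPE,
            "PayloadUUID": inner_uuid,
            "PayloadVersion": 1,
        }],
        "PayloadDescription": "Disable Apple Mail Siri Suggestions",
        "PayloadDisplayName": "Disable Siri Suggestions",
        "PayloadIdentifier": "suggestd",
        "PayloadOrganization": "",
        "PayloadRemovalDisallowed": True,
        "PayloadScope": "System",
        "PayloadType": "Configuration",
        "PayloadUUID": outer_uuid,
        "PayloadVersion": 1,
    }


def profile_bytes(blocked_apps, management="Forced"):
    """Serialise a constructed profile to XML plist bytes, as a .mobileconfig would be on disk."""
    return plistlib.dumps(build_profile(blocked_apps, management))


def check_profile(data):
    """Return a list of findings for a profile's plist bytes; an empty list means it passes."""
    findings = []
    profile = plistlib.loads(data)
    if profile.get("PayloadType") != "Configuration":
        findings.append("top-level PayloadType is not 'Configuration'")
    if profile.get("PayloadScope") != "System":
        findings.append("PayloadScope is not 'System'; the setting would only follow the user who installs it")
    if not profile.get("PayloadRemovalDisallowed"):
        findings.append("PayloadRemovalDisallowed is not set; a user could remove the profile")

    mail_blocked = False
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") != MCX_PAYLOAD_TYPE:
            continue
        domain = payload.get("PayloadContent", {}).get(SUGGESTIONS_DOMAIN, {})
        # Each MCX level ("Forced", "Set-Once") holds a list of mcx_preference_settings dicts.
        for level, entries in domain.items():
            for entry in entries:
                blocked = entry.get("mcx_preference_settings", {}).get(BLOCKLIST_KEY, [])
                if MAIL_BUNDLE_ID in blocked:
                    mail_blocked = True
                    if level != "Forced":
                        findings.append(
                            f"{BLOCKLIST_KEY} is managed at level '{level}', not 'Forced'; "
                            "the user could re-enable learning from Mail"
                        )
    if not mail_blocked:
        findings.append(f"{MAIL_BUNDLE_ID} is not in {BLOCKLIST_KEY} under {SUGGESTIONS_DOMAIN}")
    return findings


if __name__ == "__main__":
    for label, data in [
        ("profile from the post", profile_bytes([MAIL_BUNDLE_ID])),
        ("blocklist emptied", profile_bytes([])),
        ("Set-Once instead of Forced", profile_bytes([MAIL_BUNDLE_ID], management="Set-Once")),
    ]:
        print(label, "->", check_profile(data) or "OK")
```

To run it against a real exported profile, read the .mobileconfig file in binary mode and pass the bytes to check_profile; a signed profile would need its CMS wrapper stripped first, which this example does not do.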

Timeline

July 29 —

  • Submitted a ticket to Apple enterprise support.
  • Submitted a bug report ticket through Feedback application using an Apple Business Manager account.
  • Contacted professional points of contact within Apple.
  • Received a response from Apple enterprise support.
  • Received response from professional contacts within Apple.
  • Received a response from enterprise support that this has been submitted to engineering.
  • Received response from enterprise support thanking me for testing but no update to report yet.
  • Followed up with Enterprise Support on the severity of the issue again.
  • Emailed Tim Cook.
  1. That, with Siri enabled or disabled, this process is storing encrypted emails in a database completely unencrypted.
macOS Catalina 10.15.0 — Private key removed. Message unreadable in Apple Mail. Message readable in the database.
macOS Mojave 10.14.6 — Private key is available. Message in Apple Mail. Message readable in the database.
macOS High Sierra 10.13.6 — Private key removed. Message unreadable in Apple Mail. Message readable in the database.
macOS Sierra 10.12.6 — Private key is available. Message in Apple Mail. Message readable in the database.

IT Specialist in the Apple world. Jamf guru, wizard of Mac Management, and mastermind of Apple trivia. The views are my own and not the views of my employer.
