Bear’s Encryption Roadmap for 2025

Hello everyone,

With recent global discussions about privacy and encryption gaining momentum, we want to take a moment to reaffirm Bear’s commitment to keeping your data private and secure. Here’s what we’re currently doing and what we’re planning to improve.

How Bear Protects Your Data Today

Bear syncs your notes using iCloud, specifically Apple’s CloudKit framework. This means your data is protected by the same security measures as iCloud itself—encrypted both in transit and at rest on Apple’s servers. While we do not have access to your data, Apple retains the decryption keys, which means they could access it if legally required.

Apple has a strong track record when it comes to privacy and security, and for most users, this level of protection is sufficient. However, we understand that some users require even stronger security, which is why Bear also offers end-to-end encryption (E2EE) for individual notes.

With E2EE, your notes are safeguarded by robust encryption, developed in collaboration with an external security firm to ensure its strength and reliability. Only you hold the decryption keys, meaning neither we, Apple, nor any government agency can access your encrypted notes. Furthermore, they remain securely encrypted on your device, ensuring that even if your device is lost or compromised, your notes stay completely inaccessible.

Upcoming Enhancements to Encryption

While our current system provides strong security, we recognize certain limitations:

  • Notes must be encrypted one by one.
  • Attachments in encrypted notes are not yet supported.
  • Encrypted notes currently don’t support in-text search.

We’re actively working to improve these areas, and some enhancements are already on the way. Encrypted attachments are complete and currently in internal testing. We’re also exploring ways to streamline encryption, such as allowing users to automatically encrypt multiple notes (e.g., all notes with a specific tag).

Encryption is always a balance between security, app features, and performance, and we’re committed to finding the best possible approach.

A Note on Apple’s Advanced Data Protection (ADP)

Apple offers an optional setting called Advanced Data Protection (ADP), which enhances iCloud security. At this time, Bear does not support ADP, and we are carefully evaluating whether it can be integrated. However, there are key challenges preventing full adoption:

  1. Apple can still revoke ADP and provide data to authorities (as seen in the UK).
  2. Enabling ADP would prevent access to Bear’s upcoming web app, since encrypted data stored on Apple’s servers cannot be decrypted in a browser.
  3. ADP does not encrypt notes stored on your device, which could create a false sense of security.

We take security seriously and are committed to providing transparent, effective, and practical solutions to protect your data.

Stay tuned for updates, and as always, thank you for trusting Bear with your notes.

Thank you, @matteo and Bear team, for this. Sounds good! Avanti!

Thanks @matteo for detailed explanation.

I would like to clarify the last point (ADP doesn’t encrypt): data is already encrypted when stored on devices with Touch ID/Face ID enabled, while data stored on very old devices with passcodes only, or without biometrics on, is not encrypted.

I have a question: I just found that NotePlan is testing something called CloudKit Encryption, which looks like it is independent from ADP. Can third-party apps develop their own end-to-end encryption?

Thank you for listening! As someone who was considering alternatives due to recent developments, it reassures me to see that the Bear team is working on it.

Appreciate the update but (and hey, I could be the only one) this feels like more of a “status update” than an actual roadmap. You have said all of this before; none of it is new. I only come off strongly here because I really think Bear is an amazing tool that I (did) would literally use every day. The UI is beautiful and the UX is impeccable. Unfortunately, it’s what goes on under the hood. People put some of their most sensitive data into their notes app, be it journaling, finances, work-related documents, etc., and I don’t think we should have to sacrifice security for a paid app in 2025. Apple is probably the “best” at safeguarding our data out of the big tech companies — I’ll give you that. But it just continues to dwindle as time goes on. In 2025, the customers of a paid application should be the only ones who have the decryption keys to their entire database. Even for the naive who say they don’t care, it’ll automatically protect them.

I tread the line of sounding like some tin-foil hat weirdo when I say this, but I do it because I love Bear and hope one day this will become a priority, but this is still not enough. The point still stands that Bear doesn’t have, nor does it seem like it will have, true zero-knowledge encryption anytime soon. That’s what I, and it seems like many others, want.

Please educate me more about why you guys can’t implement ADP — like, what does Obsidian or all the other apps out there have, or what can they do that you guys can’t, to implement ADP? ’Cause truly I don’t know anything about it. I’m no professional, I’m just going off of what I learn by myself, so I’m always down to learn or be corrected so I know for the future. I understand encryption is a whole beast on its own and you guys are a small team. But you teamed up with Cossack Labs to incorporate the single-note encryption back in 2019, right? What’s stopping you from working with them again to implement a complete zero-knowledge encrypted database? I understand that encryption could mess with the whole web app you guys have going — is that the only reason, and if so, can that just be a caveat for the web app users? Have full E2EE for the iOS/Mac apps, and if you use it in a browser, well, it’s not E2EE. Or does that not work? And if it doesn’t, then it seems (from a customer’s POV) that you guys are prioritizing getting a wider spread of customers over true security and protection. But this is just from the outside looking in; please correct me if I’m wrong.

And honestly, if you guys do prioritize spreading your customer base farther over true E2EE then just say that, I’d respect it. I get it — it’s hard out there in life lol and because yes, for the average person, the security protocols you have in place are completely fine. If they knew better, it wouldn’t be, but I digress.

Again, I only come off so strongly because in every other area, Bear is amazing. It truly is the best notes app out there imo. But, especially in today’s age, true ZKE should just be a top priority.

Thank you for taking this so seriously! The priorities you identified are precisely those I’d like to see you focus on to make Bear not only a pleasure to use, but competitively secure.

Can someone with knowledge please clarify that point? As far as I have followed the discussion, it seems to me that this ADP thing doesn’t give the desired full protection and is something different from a full E2EE encryption of the database.

ADP is designed to protect your data only on Apple’s servers (iCloud) by encrypting it at rest. While this adds an extra layer of security, there are a few important considerations:

  1. ADP is not available in some countries.
  2. Apple can revoke ADP and require you to disable it (as seen in the UK).
  3. Your notes remain unencrypted on your local devices, which are far more likely to be stolen, breached, or confiscated.
  4. If you lose or corrupt your iCloud Keychain, all your data will be lost permanently, with no recovery options.
  5. Enabling ADP would prevent access to Bear’s web app, as we wouldn’t be able to decrypt your data in a browser.

ADP isn’t inherently bad—it’s just that, based on what our users have told us, it doesn’t truly address the privacy concerns they’re facing.

Our encryption is truly zero-knowledge, meaning only you have the decryption key—it’s never stored or known by anyone else. Your data is encrypted on your device, during transmission, and at rest on the server, ensuring complete privacy at every stage.

I understand that your concern is that we don’t encrypt all notes by default, but that’s like asking why your apartment doesn’t have the same security as Fort Knox—it’s simply not necessary and would negatively impact the overall experience. That said, as I’ve already mentioned, we’re working on features to make it easier to encrypt multiple notes automatically.

We’re still evaluating ADP, and I’ve written our reasoning here.

Bear has supported end-to-end encryption (E2EE) since day one, reinforcing our commitment to privacy and security from the very start.

Different users have different priorities, and no single approach will suit everyone. We understand that Bear may not meet every user’s specific needs, and we encourage everyone to explore what works best for them.

Best.

CloudKit encryption operates independently of ADP, but for Zero Knowledge End-to-End Encryption (ZK E2EE), ADP needs to be enabled. Without ADP, Apple holds the keys to decrypt the data, so it’s essentially an extra layer on top of the default iCloud security.

Additionally, third-party apps can implement their own encryption layers (like we’re doing with ours).

Is there an ETA on when it will be released?

Thank you for addressing our concerns. For me personally, supporting attachments in encrypted notes would address all of my issues with the way Bear implemented E2EE.

Just exploring here, but would it be possible to apply your ZK E2EE to the entire database, and decrypt it upon opening the app? Would that have a significant impact on performance, even on modern devices? Thanks

It’s not different. From Apple’s iCloud data security overview:

If you choose to enable Advanced Data Protection, your trusted devices retain sole access to the encryption keys for the majority of your iCloud data, thereby protecting it using end-to-end encryption.

When you turn on Advanced Data Protection, third-party app data stored in iCloud Backup and CloudKit encrypted fields and assets are end-to-end encrypted.

The recent issue with ADP is that Apple can revoke ADP and they had to do so in the UK: Apple can no longer offer Advanced Data Protection in the United Kingdom to new users. If that happens in your country, you would lose E2EE for the data ADP protects.

Although it’s technically possible, it would significantly hinder the app’s usability. Encrypted notes wouldn’t be searchable, the Shortcuts/Sharing Extension would stop functioning, and the web version would lose about 90% of its usefulness, as it relies on reading data directly from the server and wouldn’t be able to decrypt it there.

Bear wasn’t designed to function that way, and we still believe it’s not the direction we want to take.

Thanks for the update! Very happy with Bear and its focus on privacy. Once we can lock notes with attachments, I’ll be happy with the balance of features and encryption.

“Apple can still revoke ADP and provide data to authorities”

Yes, however until they do (i.e. for a given region), it remains a good E2EE option where users have the keys, and Apple is unable to read data. Should they pull it for a given region, it’ll be done so with advance notice so that users can take action, as was the case with the UK.

“Enabling ADP would prevent access to Bear’s upcoming web app”

I don’t think I’m alone in saying that this is a perfectly fine trade-off for full-on support of ADP and can easily be communicated in-app during setup.

It’s great to see this post, and understanding that there’s a wide spread of technical savviness across Bear’s user base, I’m sure that you can create UX that can continue to serve those that just want a great notes app, and those that want a great notes app and know what they need from a security POV.

Thank you for the detailed explanation!

Your users that run on super old hardware that can’t use ADP anyway or your users who don’t actually care about security? (Or at least, don’t care that much about it) They don’t seem like the best group of users to rally behind on this issue seeing that most don’t really care about it. It’s only seeming like a smaller, yet vocal, user base does.

Sure, you can technically say that you “support E2EE” because of the single-note encryption — but again, why not work with the same company that you worked with before to make the encryption even better? It’s been 6 years since you implemented password-locked notes. They can’t help you guys implement true E2EE for the entire database?

No, my home isn’t locked up like Fort Knox because I live in a low crime area. But best believe I have security cameras, sensors and good locks on all my doors. I store more sensitive information in my notes app than anything I have at home. So that point is pretty moot.

  1. ADP is available in most countries
  2. Yes, they can and that’s horrible. But it hasn’t happened in America yet, and if it does — then yeah, we’ll have to figure something else out, but until then this is again moot.
  3. Literally, no. If you have ADP enabled, then anything that is covered under that umbrella (Apple Apps, Obsidian, other note apps) is encrypted on your device, E2EE in the cloud. Yes local files aren’t encrypted, but they’re on my device which I’m a lot more comfortable with. But if I put those files in iCloud, they’re truly E2EE
  4. Yeah, that’s pretty much the point. Don’t lose your iCloud Keychain and keep backups.
  5. Tbh, I personally would give up access to the web app to get a full encrypted database. Again — prioritizing the web app over finding a way to implement ADP is wild and really just looks like you want more users. Which, hey that’s cool.

Look, I’m sure you don’t like someone actually asking questions about an app that you (I’m assuming) built from the ground up but these are just things I feel like should be said.

Also, you guys use “true E2EE” pretty freely. There’s still a big user base that thinks Bear supports ADP, which means you guys haven’t really advertised that caveat all that well. But, hey, whatever; like you said — Bear just may not be the best for every user.

Good luck @matteo

Great, simple and thorough explanation. Thanks.
