A Deep Dive into Keepsafe’s Privacy and Security
There are a lot of apps out there that purport to protect your most personal and, let’s say, intimate media, and one of these is Keepsafe. Keepsafe has been around for over a decade: the first version of their Android app was in June of 2011, with the iOS version released the following year in April. They were part of a new category of popular apps, filling the need that people had to hide private photos on their mobile device. While Keepsafe may certainly be the market leader, you have to ask yourself before using it: is Keepsafe safe and secure? As an iOS developer and one of the founders of Encamera, a privacy-focused photo storage app, I have a vested interest in exploring the security features of other apps in the marketplace. I think that it may surprise you what capabilities Keepsafe has to access your private data, and that’s what I want to discuss in this post. I will be focusing on their iOS app, since that is the area of interest for me.
Before we begin
If you’re keen to follow along and verify some of the things I’ve verified myself, I used a couple of command-line tools to do this. I used IPATool to download the app from the App Store, and dsdump to investigate the class and method names in the app binary. To investigate the network traffic, I used Charles Proxy. A disclaimer: I’m not a security researcher, just an iOS engineer who knows how to have a peek at what’s inside iOS apps. This investigation was done in May of 2023, and it’s possible that if you’re reading this later on, things have changed.
Data Collection by Keepsafe
In order to use Keepsafe, you must enter your name and your email address. For me, this is an immediate privacy concern, as it associates your identity with an account on Keepsafe, making it possible for hackers to personally target you if they have your email address already. Of course, there are ways around this that will increase your privacy, such as using the “Hide my Email” iCloud functionality, which I would definitely recommend using.
Digging a little deeper into the technical side of things, we can open the app package and see that Keepsafe is using Amplitude in some capacity, which is a tracking and analytics platform. However, because they have an extra layer of security enabled on their tracker (certificate pinning) when sending tracking data, I was not able to view the data that was sent to their servers using my proxy, but I could see that it was calling out quite a bit when interacting with the app. It’s probably mostly sending data about where you tapped, etc. Amplitude says that they may share data with third parties, and their policies are pretty normal for the user tracking category of businesses.
Keepsafe is able to look at your media
This is nothing secret, they are very open about this, and it even says so on their website. Now, I’m sure the circumstances would have to be extraordinary for the Keepsafe staff to be compelled to open your photos, either by law enforcement or otherwise, and I’m not trying to cast doubt on their intentions to deliver on their promise of security. However, if they have this capability, that means that malicious actors could gain access to this ability, as well. This includes both hackers and compromised staff members inside their organization. Though Keepsafe has promised that security is their highest priority, big names like Uber, Twitter, and WhatsApp had serious data breaches where people’s personal information was exposed. Uber even tried to cover up one of their data breaches (they have had a few), and their chief security officer was recently sentenced to three years probation and ordered to pay a $50K fine for this coverup.
Keepsafe would certainly be a target for hackers, and if they were able to successfully breach their defenses, every user’s security would be compromised. You also need to trust that a report would be released saying that Keepsafe has been compromised, instead of trying to sweep it under the rug like Uber tried to. I’m sure Keepsafe has the best intentions and have amazing security engineers on staff, with the top of the line protocols, but something tells me that Uber and Twitter would have claimed the same.
## Potential Use of AI for NSFW Content Detection
This was a surprise to me. Inside the app bundle, which is what is downloaded to your phone from the App Store, there exists a file named “nsfw.mlmodelc”. This file is an Apple ML Model, designed to be used by Apple’s Vision Framework to detect images that it has been trained on. These models are used on the device to provide instant recognition of objects that match what the model can recognize.
Given the name of the model, I think it’s probably been trained to identify some private stuff. Having a further look into the app binary, we can see that there is code that uses this ML model. Below is a screenshot of the compiled code, with the method names extracted.
The line you see above corresponds to a method called `IntelligentImporter.getNsfwScore(from:)`. Just to be clear, I don’t have the source code to Keepsafe, this information is included with the app you download from the App Store. Because I don’t have the source code, I can only speculate about the how this data model is used. Because this code exists, it definitely invites the possibility that Keepsafe is analyzing your photos to check for NSFW content. Maybe they are doing this to get a better idea of what their users are up to, perhaps for market research? It’s impossible to say for sure without seeing the code.
If this AI model exists in the app along with the method names I found, it means your personal images are capable of being analyzed, which might make some users uncomfortable. It could be that this type of analysis is warranted in their terms of service, and that they have the right given by you when agreeing to their terms of service. I still think it’s a concern given that they have full access to your photos on their servers, and could decide to view your photos at any time.
Is Keepsafe secure?
Keepsafe seems genuinely committed to keeping your media safe, and I really don’t doubt that commitment. They choose ad providers that are more privacy focused, and they communicate that they do not reveal your data unless for legal or safety reasons. However, the fact still stands that they can view your photos, and you need to consider that if you decide to use this app. Whether or not the AI they ship with the app is a threat to your privacy is unclear, you should simply take that information into consideration when making your decision. No matter how strong the encryption is that a service is using, if they have the ability to look at your photos, it means there are human beings ultimately deciding what is kept secret.
An alternative to Keepsafe
I believe that privacy apps should have zero knowledge about what is being stored. When I discovered that most of the other secret photo vault apps like Keepsafe use their own cloud storage and keep data on their servers, I was motivated to build my own. This is why I built Encamera.
How is Encamera different?
Encamera is different than Keepsafe because it is a standalone app that lets you store your media encrypted on your own iCloud or locally on your device. You control where your data goes, and when you delete it, it’s really gone. There isn’t any user-specific tracking or ads in the app, and it’s got a better design than most photo vault apps out there. We do some behavior tracking, but it’s only to measure how people are liking the features we implement so we can improve the app, and it’s anonymous. Many people don’t like subscriptions, so you can even purchase a one-time license if you’d like. If you’re looking for an alternative to Keepsafe or other photo vault apps, I hope you’ll give Encamera a try.
I think it’s important that people have the ability to have somewhere they can keep photos they don’t want other people to see, and to have confidence that their data is safe. We have open sourced the core functionality to help gain your trust and to be transparent with the functionality. All the encryption functionality, storage code, and keychain access code is in that library for the world to see.
Try Encamera for free
If you value your privacy and want full control over your personal photos, I invite you to try Encamera for free, where you can add 10 photos or videos before upgrading. After that, you’ll need a premium subscription.
Conclusion
In doing the research for this post, I did not expect to find out what I did. My original goal was to write a piece that pointed out that Keepsafe collects your data and can view your photos, because they say that on their website and I believe that’s not obvious for most people. But to find the data model that gives Keepsafe the capability to analyze your photos was a surprise. My hope is that Keepsafe would be more transparent about their practices, so this wouldn’t be a surprise to people who are concerned about their privacy. I hope I have done well to explain the topics and educate you a bit about this massively popular photo vault app. If you have feedback or comments, feel free to contact me at alex@encamera.app.
Thanks for reading!
— Alex