The next update to Espionage, Espionage 1.1.3, is turning into 1.2. It will be Espionage’s first major update, boasting many significant new features including: built-in DelayedLauncher, custom master-password support through a separate keychain, various UI changes, and more. Another huge feature (that’s currently hush-hush, involving some more of iSpy’s magical abilities), may make an appearance in this update as well.
However, this post is mainly about one of the features that you may see removed from the next update, and that’s Espionage’s ability to password-protect a folder without encryption, and hence, insecurely.
There are two reasons that I’m considering this:
The first is that it adds some inconsistencies to Espionage, one prime example is the ignore list. Normally, applications that are whitelisted still do not have access to the actual contents of a folder (when it is encrypted), however, they *do* have access to the real contents when that folder is not encrypted.
The second reason, is that it can unwittingly generate bad press. One example is this post by Alex Payne where he describes Espionage in the following manner:
The other tempting option for encrypting just a few files is Espionage, which looks to be part of the so-called “Delicious Generation” of high-gloss single-purpose apps. Unfortunately, this detailed review suggests that Espionage is more style than substance, as there’s a number of scenarios in which the protection it provides is rendered moot.
I should probably make it clear here, that Espionage’s primary method of protection, the encryption of folders, is as secure as FileVault’s1, because it uses the same encrypted disk image technology that FileVault uses, as well as OS X’s secure keychain system.
I know that unencrypted password-protected folders can be a convenient way to protect “a collection of videos that you don’t want your grandma to have access to but don’t care enough about to encrypt”, but does anyone make use of that feature?
We’re interested in hearing your thoughts on this issue, so let us know in the comments.
1Actually, it might be more secure because Espionage has the AES-256 option, and soon, a separate custom master password.