Monday, January 8, 2018 [Tweets] [Favorites]

iCloud Drive Can Strip Metadata From Your Documents

Apple:

Apps create files and directories in iCloud container directories in exactly the same way as they create local files and directories. And all the file’s attributes are saved, if they add extended attributes to a file, those attributes are copied to iCloud and to the user’s other devices too.

Howard Oakley:

I have examined files with a rich collection of extended attributes, under 10.12.6 and 10.13.2, on local storage and in iCloud Drive. This confirms that most xattrs are stripped by iCloud Drive in this fashion.

Xattrs removed include:

  • com.apple.FinderInfo
  • com.apple.metadata:_kMDItemUserTags
  • com.apple.ResourceFork
  • com.apple.serverdocs.markup
  • net_sourceforge_skim-app_ series
  • net_sourceforge_skim-app_notes
  • net_sourceforge_skim-app_rtf_notes
  • net_sourceforge_skim-app_text_notes
  • co.eclecticlight.[any]

[…]

Xattrs which are preserved include:

  • com.apple.TextEncoding
  • com.apple.metadata:kMDItemDownloadedDate
  • com.apple.metadata:kMDItemWhereFroms
  • com.apple.metadata:kMDLabel_ series
  • com.apple.quarantine

For me, iCloud Drive preserves tags, but labels, resource forks, and any third-party extended attributes have always been lost. I don’t understand why Apple’s documentation claims otherwise.

Previously: Dropbox 1.0.

Update (2018-01-09): See also: Hacker News.

Update (2018-01-12): See also: Howard Oakley.

Update (2018-01-29): Howard Oakley:

When you access your iCloud Drive from two or more client systems, iCloud Drive knows which files originated from each of the clients, and keeps track of that.

[…]

What is most startling is the way that it adds an apparently unique xattr of type com.apple.cscachefs to many files within application bundles. iCloud Drive doesn’t appear to add quarantine flags (com.apple.quarantine), but adds com.apple.cscachefs instead – only when accessed from a second client.

[…]

Some com.apple.* xattrs, like com.apple.ResourceFork and com.apple.serverdocs.markup, always get stripped; others will only be stripped if they exceed a certain size, which varies according to the type of xattr. All xattrs of 80 KB or larger are removed, but iCloud allows com.apple.metadata:kMDItemCopyright, for example, to reach 24 KB size and leaves it intact. If you rely on a particular xattr passing unscathed through iCloud’s filters, you need to test it carefully over a range of sizes and situations.

1 Comment

Let more reason to keep control of your own data, and avoid these "clouds".

Stay up-to-date by subscribing to the Comments RSS Feed for this post.

Leave a Comment