Although Apple indicates that iOS 7 encrypts email attachments in its Mail app, (See screenshot below), security researcher Andreas Kurtz has discovered that versions of iOS 7, including current release iOS 7.1.1, in fact, do not.
How Kurtz verified this. (Via 9to5 Mac):
I verified this issue by restoring an iPhone 4 (GSM) device to the most recent iOS versions (7.1 and 7.1.1) and setting up an IMAP email account1, which provided me with some test emails and attachments. Afterwards, I shut down the device and accessed the file system using well-known techniques (DFU mode, custom ramdisk, SSH over usbmux). Finally, I mounted the iOS data partition and navigated to the actual email folder. Within this folder, I found all attachments accessible without any encryption/restriction:
While Kurtz found that the the protected data feature of iOS 7 functions, it doesn’t cover email attachments, even if it is supposed to. Kurtz tested and verified this on an iPhone 4, iPad 2, and iPhone 5s.
Kurtz says he has contacted Apple, and that the company says it’s aware of the bug. However, the Cupertino firm could not supply a firm timeframe for a fix.
Obviously, the lack of email attachment encryption does pose a major vulnerability issue for corporations and government users of iOS 7 and above. So, it can be assumed that Apple is working on fixing the bug as soon as possible.
