How It Works
What does Codebook Cloud sync?
Codebook Cloud provides automatic, background sync for all the passwords and other data you can store in Codebook. This means that all Categories, Entries, Labels, Fields, and Attachments will be kept in sync across your installations of Codebook as you add, remove, and edit your data.
When does Codebook Cloud sync?
After the initial sync of the Codebook app with Codebook Cloud, data transfers for sync occur primarily in two situations.
The first is when you make edits to your data in Codebook, including any additions, updates, and deletions. Codebook attempts to sync these changes with Codebook Cloud immediately.
The second is when Codebook detects that new changes from your other devices are available on Codebook Cloud.
Codebook detects new changes on Codebook Cloud via processes we call polling, and background refresh (on Android and iOS).
How often does polling occur?
When polling is active, it runs roughly every 10 seconds.
On macOS and Windows polling only runs when Codebook is unlocked. Once Codebook is locked, polling is terminated.
On Android and iOS polling only runs when Codebook is in the foreground (on your screen) and unlocked. Once Codebook moves to the background (when you leave the app), polling is terminated.
How often does background refresh occur?
On Android and iOS Codebook supports background refresh, which is to say periodically waking up to check if new changes are available on Codebook Cloud.
On iOS background refresh is scheduled by iOS itself based on your usage patterns and machine learning. It takes several other factors into account as well, including battery life and available system resources.
On Android background refresh occurs every six hours, as long as there is an Internet connection available and the device battery is not running low.
Codebook does not support background refresh on macOS and Windows.
Can I disable Codebook Cloud's automatic syncing?
Yes, Codebook provides a switch for turning off Auto Sync. On Android and iOS, you can find this switch on the Sync view. On macOS and Windows, the switch is on the Settings window, under the Sync tab. In addition, there is a switch for turning it off on the Login view.
How will Codebook Cloud effect my mobile data usage?
After you initialize Codebook Cloud on a device, the main use of network bandwidth or data on your mobile device will come from syncing actual changes to your data, which you make over time, and aren't extremely frequent (e.g. creating a new password, adding a new record, changing a password, etc).
When Codebook for Android or iOS is the active app on your phone, and unlocked, it will check for new changes on Codebook Cloud every 10 seconds, on average. This polling is designed to be a very lightweight network activity, using approximately 1.5KB of total network traffic per request and response (~1KB for the request and ~0.5KB for the response). Once you leave Codebook and it is no longer on your screen, this polling is terminated.
When Codebook is in the background on Android and iOS, the only network activity that may occur is an infrequent background refresh that will only use around 1.5KB per request if there are no changes available.
While polling and background refresh use minimal data, more data will be used when actual Codebook changes are syncing. Because of that, customers who are more sensitive about mobile data usage may want to consider fully disabling cellular data or background refresh for Codebook.
Can I prevent Codebook from using cellular data and background refresh?
If mobile data usage is a concern, use of cellular data and background refresh can be turned off for Codebook on a device.
On iOS:
- Turn off cellular data in Settings app > Codebook > Cellular Data
- Turn off background refresh in Settings app > Codebook > Background App Refresh
On Android: Please see your device settings for data usage and background refresh options.
Are multiple-user accounts available?
We're working on it! We have a commercial license offering for businesses that you can read about here. We also plan to offer family plans, allowing one account holder to provide Codebook Cloud to other users under their subscription plan for personal use.
Is sharing available?
Not yet. Like multiple-user accounts, this is a feature we plan to build on top of the existing service.
Can Codebook Cloud undo a delete made by mistake?
Indeed, it can. Codebook Cloud can revert any changes you've made to your data back to a particular change-set. However, this requires some administrative intervention on our part. Please contact our support team for help with this, and be sure to let us know the date and time (roughly) of the changes you want us to revert.
Security
What security precautions has Zetetic taken for Codebook Cloud?
- No sensitive (e.g. production, beta) credentials are stored in our source control repositories.
- No production credentials are stored on our developer workstations.
- Micro-service architecture for the web services that support Codebook Cloud.
- Frequent, comprehensive, and automated testing.
- All Codebook data that is synced with Codebook Cloud is encrypted before it ever reaches Codebook Cloud, with a key that is only stored on your local device.
Can anyone read my data on the Codebook Cloud servers?
Absolutely not. All of the data you sync with Codebook Cloud is encrypted with your Sync Key. We are unable to decrypt or otherwise peer into the change-set information that gets synced to the Codebook Cloud servers by Codebook, it's encrypted before it ever leaves your device.
Will my cloud data be vulnerable to password cracking attacks?
No. The data you sync with Codebook Cloud is encrypted before it leaves Codebook on your mobile device or computer, and it is encrypted with your Sync Key, not your Codebook Master Password. Since the secret key used to encrypt your change-set (sync) data on our servers is a randomly generated stream of bytes, and not a password, it is not vulnerable to password cracking techniques.
How will my Codebook Cloud account password be stored?
When you create a Codebook Cloud account, your user password is stored in the Codebook Cloud database using
the Argon2id
password hashing function, with tuning parameters recommended
by OWASP.
When you create a Codebook Cloud account using one of the Codebook clients (i.e. iOS, macOS, Windows), you are given the option of setting a random password for Codebook Cloud. Codebook then stores this value in your encrypted database, making it available on your devices for Auto Fill and Secret Agent.
What unencrypted data is stored on the Codebook Cloud servers?
Your personal profile information (your account details) and metadata concerning sync change-sets sent to Codebook Cloud during sync are unencrypted. How this information is used is described below.
Personal Profile Information:
When you create a Codebook Cloud account, we collect the following information, and save it to your user profile, which is unencrypted:
- First name
- Last name
- Email address
We don't provide access to this profile information to other businesses except strictly as necessary to provide the Codebook Cloud service (as per our Privacy Policy). For instance, if we need to send an invoice or receipt to your email address for billing purposes, that would go through the SMTP mail service that we contract for email delivery, but that provider is not authorized to use your email address for any other purpose.
Sync Metadata:
Codebook Cloud stores the following metadata unencrypted, when you sync:
- A unique identifier in our database for each encrypted change-set
- The date and time we received an encrypted change-set
- A change-sequence number that is assigned to the change-set
Codebook Cloud needs access to this information to perform the basic functions of a data sync service, in order to know which change-sets to provide to Codebook when the app requests the latest changes to your data.
Can I delete my sync data from Codebook Cloud?
Yes. You can login to the Codebook Cloud website, and take advantage of the Delete My Data button on the Devices & Data page, which will remove all your encrypted sync data from our servers. You can also use the Delete My Data button in the Codebook app on the Codebook Cloud settings view.
Delete My Data will only remove your data from Codebook Cloud, it will not remove your data from Codebook on your linked devices.
Can I delete my Codebook Cloud account?
Yes. To delete your Codebook Cloud account, visit the Delete My Account page. We do need to retain some record of you having been a customer for legal reasons, specifically the name and email address of the account owner, and a record of any subscription purchases. After we archive that information the account is deleted along with all users and data stored in Codebook Cloud.
Can I remotely wipe Codebook Cloud data from one of my devices?
Not currently. This is a feature we will be looking into in the future, we know it's a must-have for some customers.
Can I revoke access to my Codebook Cloud account?
Yes. To review your linked devices and revoke access, see Devices and Data.
Subscriptions
Do I need a subscription to use Codebook Cloud?
Yes. We are making Codebook itself free to download and use, and charging a subscription for access to Codebook Cloud to help pay for the service and further fund development of Codebook. If you want to support our work, buying a Codebook Cloud subscription is the best way to do it!
What if I already paid for Codebook? Are discounts available?
Yes! Customers who previously purchased a license on macOS or Windows, and customers who previously paid for Codebook in Google Play and Apple App Store, are eligible for a loyal customer discount. When you create a Codebook Cloud account using Codebook on one of these devices where you had previously paid for the app, you will be presented with a discount offer on the subscription sign-up screen.
Do I need to purchase a subscription for each device I own?
Certainly not! When you purchase a Codebook Cloud subscription, either through our own store (run by FastSpring), Google Play, or the Apple App Store, your subscription becomes active immediately on all devices where you are signed into the same Codebook Cloud account.
Does Codebook require a subscription too?
No. Codebook itself is free to download, a subscription is only required to use the Codebook Cloud sync service.
Other Sync Services
Do I have to use Codebook Cloud?
No, no one has to use Codebook Cloud to use Codebook, and we have no plans to require it.
Are the other sync services going away?
No, the other sync services that Codebook supports (Desktop WiFi, Dropbox, Google Drive, and Local Folder) are still available as they were before, though we've made some improvements and fixed some bugs.
Will Automatic Sync be Added to the Other Sync Services?
No, automatic background sync is only available through Codebook Cloud.