Of SNotes and Samsung’s Sync/Backup Servers

Samsung maintains their own “Android Store” called “Samsung Apps” and they push updates for much of their bundled software only through Samsung Apps. For example, if you want updates to your Polaris or Hancom office suite, you need to go to Samsung Apps to get them. The rub? Access to the service is only granted to those logged into the system with valid credentials.

So. If you’re using a Samsung Android device and you’re not rooted and you’re using Samsung’s software offerings and you don’t dabble in the software black market and you want updates (and there are lots of legitimate reasons for being a person who meets all those criteria), you need to have a Samsung account and you need to be logged into that account on your device, at least every once in a while.

In and of itself, that’s arguably not horrible – but here’s the kicker: When you configure a Samsung account on your Samsung Android device, it will immediately begin to sync your content – Calendar, Contacts, and Internet bookmarks at a minimum – to Samsung’s backup and sync servers, without your approval and without your intervention. On SPen devices, this sync’d content will also include any SNotes.

I can find no publicly available information regarding the location of Samsung’s backup / sync servers, nor can I find any information regarding whether sync’d content is encrypted (neither in motion nor at rest). It’s fairly easy to snoop the network traffic, but I haven’t gone down that path yet, and in the absence of testing, it’s probably safe (and certainly wise) to assume that encryption isn’t being used anywhere in the process. Even if the transfer is secure, the data almost certainly isn’t effectively encrypted at Samsung’s servers (which in all likelihood reside in South Korea). Even if your data is encrypted at their servers, it’s a safe bet that Samsung holds the decryption key and that their employees (and perhaps the South Korean government, and by extension, any of a number of other governments) can peruse your content at-will. With all that in mind, it’s probably inadvisable to use Samsung’s sync services. So I don’t. Or, at least, I try not to do so.

So imagine my surprise when I launched SNote recently for the first time on my new Galaxy Note Pro and was immediately prompted to import nearly 45MB worth of almost 100 SNote memos from Samsung’s sync server, many of which contained confidential company and personal information!!! I was under the mistaken impression that the content on my old Note 10.1 had never existed anywhere but on the device.

The big take-away here is that if you don’t want data (e.g., your contacts) to sync to Samsung’s servers, it’s advisable to configure your Samsung account on your device before you create or load any data on your device. This ensures that only null data is sync’d, and it gives you the opportunity to disable those synchronizations. On a new or recently wiped device, this means one of the first things you should do is configure your Samsung account.

IF, however, you aren’t so fortunate to have done that, you now have data stuck pretty good on Samsung’s servers – and how to get it off isn’t straight-forward nor is it well-published. Much Google-searching on my part turned-up nothing useful and I eventually had to contact Samsung’s tech support on the matter. As it turns out, as a non-Samsung employee, the only way to delete sync’d content from their servers is to delete it from your device and allow the delete action to sync. If you have multiple devices, even that isn’t straight-forward – and so, without further ado, I present to you the procedure to delete SNote content from Samsung’s servers: http://www.jeffarnold.net/articles/delete-snote-content/

I leave you one last caution:

I’m fortunate enough to run my own collaboration server, which supports full mail, calendar, task, and contact synchronization. Because of that, I was able to effectively backup all those things to my own server, turn off that sync, delete that additional data from my devices, and then let the deletes sync back to Samsung. The article I’ve linked up there pertains specifically to SNote content; it’s entirely possible – likely, even – that you’ll be faced with trying to remove more than just SNote data from Samsung’s servers, and the same device-tagging that I’ve reference in the article will likely apply to that additional data as well. I’m not in a place to test that, so I can do little more than tell you that the same approach I’ve described here will likely work – and need to be used – to get that additional data deleted as well.