IGG Customer Support is currently closed in celebration of Thanksgiving. Live chat will resume on Saturday, November 29.

IGG Developers' Blog

A chunk of sync update

Back in December, we announced we were working on a new sync solution for iBank. It has been in development for some time now and is coming along nicely. Though it’s not ready for release just yet, I wanted to touch base with everyone to talk about how sync is shaping up. But first some history.

Why are we doing this?

Our current sync solution was originally designed to sync from iBank for Mac to iBank Mobile on the iPhone using MobileMe. It was designed with the Mac serving as a hub for all of the iPhones that sync with it. We extended this model to support iPad and moved from MobileMe to webDAV when MobileMe was discontinued. Since that time we have been researching various replacement solutions. We looked at iCloud CoreData sync, but with the complexity of our model — including external file attachments and various schema differences between products — this option did not work for us. We looked at working with DropBox or other host file storage systems, but again, these did not meet our needs. It became apparent that to get what we wanted, we were going to have to build it.

There were two key goals that have driven the design of our new sync solution. The first is to be able to sync any combination of supported devices without needing iBank for Mac to act as the hub. This means you can sync between iBank running on an iPad and an iPhone, or two (or more) iPhones, or two (or more) iPads, all without needing iBank for Mac. (You can even sync two financial books on the same iPad, but I am not sure why you would want to.) Of course you can still include iBank for Mac in the mix. And, as part of this setup, we don’t want to require that any device be on and running iBank except the one actually doing the current sync.

The second goal is that syncing should be easy to set up and effortless to use. This means we don’t want customers to have to enter URLs, or set up accounts with third parties, or worry about router configurations. If you have Internet (specifically web) access from the device, then you can sync, period. This also means that you don’t need to be connected all the time to use your data, and when you reconnect, any changes that you made will sync.

There is a third, overarching requirement that we have for all our products and features: security. We want to make sure that your data is protected from bad guys, from good guys, and even from us.

So what did we do to reach these goals?

The first goal, to support any combination of devices with only the syncing device needing to be on, leads us to having a server to store the sync data that all devices can connect to at any time. This is because we have to hold the sync data somewhere. Furthermore, since our products can support multiple financial books or documents, the server will need to have support the syncing of different financial books to different devices.

The second goal also leads us to wanting to have an IGG server so that you don’t need to set up with third parties or enter URLs, as the webDAV solution requires. Also, the IGG server needs to be smart enough to handle incremental updates to the sync data.

This runs right into the third goal of security: we don’t want to see your data. To meet this requirement we are going to chunk and encrypt all the sync data on device with a random key. That key will be encrypted with a password that you provide. The result is that the sync server will only be dealing with chunks of encrypted data. We at IGG will have no way to see the actual data on any of our servers or in transit. When a new device is set up to sync with a financial book, you will enter the password that you originally provided for the encrypted key.

If that seems complicated, what will your experience be like?

We think this experience will be great.

When you decide that you want to share your existing iBank for Mac financial book with other devices, you just choose a new menu item “Share Financial Book…” from the file menu. This will bring up an assistant that will ask for your iBank ID (or you can set up a new iBank ID at this time). The assistant will then ask you for a name for the shared financial book, or it will default to the file’s current name. Finally the assistant will ask you to enter (and confirm) a passcode for the data encryption. After that the financial book will start uploading to the sync server.

When you go to your iPad and create a new financial book you will be asked if you want to create this from a shared financial book. When you say yes, you will be prompted for your iBank ID. Once that is entered you will get a list of shared financial books and you just select the financial book you want. You then enter your passcode for the sync encryption and the data will start to download. After that you should not need to do anything and the two (or more) local financial books will stay in sync.

What will happen to our current sync solution?

When we launch our new sync solution we will be sunsetting our old sync methods. This means that all products that support the old sync solution will continue to work. At some point after the launch of our new sync solution we will be slowly removing support for the old sync as we revise those products. I know that it will be a disappointment to some of you when we ultimately drop support for local Wi-Fi sync. However, at this time we just see one integrated host sync solution as the best way to meet the vast majority of customer needs.

How much will I have to pay for this fancy sync?

This sync solution has been very expensive to build and host. The hosting will also be an on going expense for IGG. However we think that the sync experience is so key to what our products offer, now and in the future, that we are offering sync for free: no monthly charge, no Direct Access subscription required. Just FREE.

Anyway I wanted to fill you in on where we are with sync and what it will look like. I hope that this gives you a better idea.

Thanks,
James

37 Responses to “A chunk of sync update”

  1. Judy Says:

    Please do not drop WiFi syncing. I much prefer keeping my financial data under my control and have LOVED iBank since first starting to use it in 2010. In these days of security concerns and issues, it is unbelievable that an organization would force people to give up the privilege of syncing their information the way they feel is the most secure. Why in the world would you do this? I left Quicken long ago because your product was far superior. Will I now have to look elsewhere–again–for a product that fits my needs? Just this morning, when syncing my data over wifi, I was thinking how wonderfully fast and accurately iBank works. What a disappointment to get this information just a few minutes later!

  2. Simon Says:

    I understand the concerns some might have for security, that said I do think most people are the architects of their own issues with security simply because they make misguided choices with passwords. I’m pleased to hear you are pushing forward with a more universally available sync, one that is present wherever you have Network connectivity.

    Looking forward to this being available and I do think it will add hugely to the benefits of using IGG Software

  3. Julian B Says:

    I currently sync iBank (v4 and v5) via Dropbox, and so long as I ruthlessly ensure the datafile is only ever open on one OSX machine all is fine.

    How will the new system cope with the possibility of the same datafile being open on 2 devices at the same time?

    And BTW, free is great news – well done and thank you!

  4. Elliot Says:

    At present, I sync between Mac, iPhone and iPad over local WiFi. My financial information is only stored on my devices and is only transmitted over my local network.

    Your post suggests that, in future versions of your products, such syncing will require my financial information (including account numbers, institutions, previous transactions, balances, etc.) to be sent over the Internet and stored on your servers, leaving my control. This will be encrypted before transmission and stored in encrypted form. However, the encryption key will also be stored on your servers, protected by a password.

    This means that the quality of the password chosen, your choice of encryption algorithm and its implementation become very important. It is unclear from your post how the data will be (securely) transmitted between devices and your servers, how you will control access to your servers or how you will manage and retain data. In addition, it does not clearly describe an ‘iBank ID’: is it a username and a (different) password?

    I am sure that you understand that people consider their financial information to be highly sensitive and that you are aware of the flaws found recently in widely used encryption software.

    I am very concerned about the storage of this data on your servers and the associated risks. For example, if a ‘bad guy’ gains access to users’ encrypted data and the associated password-protected encryption keys, attacks on the passwords could be tried offline.

    I have been a very happy user of iBank for Mac since 2008 and the related iOS apps since they were released. I have found these products to be very useful. However, if this becomes the only sync option available, I feel that I will also have to seek out alternative products.

  5. RJ Says:

    Hello iBank Team,
    I think it is great that you are planning to integrate a sync-any-to-ay solution with your server. But I also think it makes sense to keep in mind that a lot of people will not want to share their data – encrypted or not (we all know there is NO TOTALLY secure cloud service) – with someone else and BE DEPENDENT on the availability of their servers/service. The companies I consulted to use iBank and the companion app ALL demanded (rightfully) that their data stays within their LAN/server (otherwise they might as well use one of those online banking services, right?). So if you drop direct syncing – this software will no longer work for all those companies. You might say that eventually they might be forced to move to the cloud because there is no other option – well this might be (I doubt it), but why would they then use Iggsoftware, when there are so many other solutions out there.

  6. Marco Says:

    _Please don’t drop WiFi / WebDAV sync._
    Seriously, I like your work and all… But if you choose to force me away, I will leave.
    Given the current state of available alternatives, that will suck.

    Please refrain from making my life more complicate.

    iBank user since 2010.

  7. Bjoern B Says:

    I have to agree with the other statements that moving all my financial data to your servers is an absolute no go for me. I’m a Software Engineer, so I know that Software always has errors, so there is no way to guarantee that your server solution will be error free and that no one can get to all my financial data on your servers in the US. Especially with the recent history of the NSA even intercepting data from Google and other big companies, who have a lot more people working on those software solutions, I can’t trust you with my financial data, when those big companies can’t guarantee safety either.

    If this way of syncing is enforced, I will just have to stick with an old version of iBank or only use the Mac app and drop the iPad app, so that no syncing is required. I hope that you do realize that with that very expensive feature that you are offering for free, you will lose a lot of paying customers.

  8. Bill W Says:

    For me this is really good news. I flit between my iMac & MacBook (as well as iPhone & iPad) depending on where I am and the difficulties in keeping my accounts up to date has been very frustrating. I bought iBank 5, but have continued to use iBank 4 as it seems easier to keep iB 4 databases in sync via Dropbox. I understand why folk would want to keep local sync solutions, but for me this is a major step forward. Now if we could fix the bug with posted scheduled transactions I would be even happier!

  9. Randall Phillips Says:

    Thank you for this update on your synching solution for iBank. I’ll share what I like and how I feel about the security concerns voiced by others.

    I have used iBank for iPhone to sync with my Mac since both were introduced. In the MobileMe days, I liked that I could hit the sync button on my phone at any time and send my transactions off the server at any time. What I did not like was not having any transactions that may be in my Mac file if they had been entered but the sync button not hit. The Mac as the hub was a minor annoyance. Your proposed solution gives me back the ability to sync anywhere, anytime and adds the ability to have each sync bring my device completely up to date with all transactions entered on any other device. I like this very much.

    As for security, I understand the concerns expressed in other comments. I view storing data on your server as a reasonable risk to take. My thinking is that I do not have information stored in my file which would be of use to others. I do not have account numbers or passwords in the file. Nor do I have my name or address in the file. I understand that those who use Direct Access cannot have this level of anonymity.

    One question I have on your new sync solution is on the issue of multiple Macs. I have an iMac and a MacBook Air. Right now I use iBank only on the desktop. Will the new solution keep two Mac versions in sync?

    Thank you for the continued development, keeping us in the loop, and for the opportunity to comment.

  10. Bruce Says:

    This is awesome!! This is the one feature i missed using Quicken. We’ll be able to sync anytime, anywhere!
    This is great especially when two people are updating data from two different devices at the same time. Both parties are up to date — real time!

  11. Jan Loope Says:

    Great news! If there is a way to sync now, will someone let me know???

  12. PF Says:

    Sounds interesting but lacking in details on the security and encryption.
    Are you using public key encryption ? Where is the encryption taking place ?

    Who or what generates the key and why would you need a password to protect the key if the key doesnt leave the local machines ?

    Is the link to your server encrypted ?

    Many unanswered questions and with your prior shaky history of having many many basic bugs its hard to trust your encryption scheme.

  13. ian Says:

    @Randall, yes you can sync multiple Macs with this solution.

    @PF Encryption always takes place on the local device. We use a DEK and KEK pattern, not public key. Your private key is encrypted with your password and a salt. The connection to our server is over SSL.

  14. Valentin Says:

    As much as I waited for the description of the sync solution as much I feared it will be exactly what you had just described – a hosted proprietary storage. That and the sunsetting of other methods of sync. I consider my financial data to be truly private and personal. Meaning no distrust but there are very few people, and even less – organizations, to whom I allow to see this data.

    I can understand that there are technical requirements that can be unique to iBank that prevents you from allowing my storage of choice to be used directly.
    The only suggestion I have is to make your sync service application:
    a) portable to my server of choice where I control and check access as well as backup, where compromise of my or others setup will not mean potential breach for others,
    b) make it open source for community to trust and validate.

  15. Doug Says:

    PLEASE leave the option for local WiFi sync as a permanent alternative, even if it requires the two apps and books to be open during the sync process. Many of us are not comfortable with our financial information being on a 3rd party server, out of our control.

  16. Thann Says:

    I also agree, local wifi sync is a must in this type of software. When Wifi local sync goes, so does this customer.

  17. Fergus Says:

    I’m pleased that you are incorporating a more sophisticated approach to syncing than the existing and unfortunately quite flaky Wi-Fi based approach. The steps you are taking to allow the user to control the encryption key is satisfactory from my perspective as a retired Software Engineer. As far as the NSA and all other government and non-government hackers are concerned — if they want to crack the encryption on my personal banking data stored on the IGG servers all the power to them. However, they would be further ahead just hacking all of the servers of the primary financial providers in NorthAmerica directly. Come to think of it — maybe they do!

    Tongue in cheek aside – I look forward to seeing this much need enhancement.

  18. Paul Says:

    I’m glad to hear of this addition to iBank. I’ve held off switching from another program because I want something that can sync as iBank will. Can you say if this new feature will come as a free update, or will there be a new paid release? If it’s the former, then I’ll go ahead and switch now, but (since my current program gets the job done) if it’s the latter then I’ll wait to hop on board.

  19. Julian Says:

    One more vote for WiFi-sync. I like the idea of “it just works” which is probably easiest to achieve in the way you described. Nonetheless this information is really private and I’d appreciate to have all the data under my control.

  20. Mark Says:

    Thought about moving from Moneywell to iBank, only because they don’t offer a WIFI Sync solution.

    Now I’m reading that you are not willing to offer this feature in the future? Please understand that it’s hard to trust ANY cloud-service these days.

    I don’t want my financial information anywhere on foreign servers. Period.

    That’s why I love 1Password so much. They listened to their customers and reintegrated WIFI Sync. And they also work with attachements and all this stuff. So they proved that its doable.

  21. Khashoggi Says:

    Do not drop WebDAV synch. It will require a switch to quicken for windows if so. Please make available an export method to transfer away from ibank if you choose to remove WebDAV synch.

    If igg software company becomes defunct at sometime in the future, the program should still be able to sync locally through WebDAV since your servers will be gone as well.

    Lastly, regardless of your security model, I am not interested in uploading my financial data to any third party.

  22. Spade Says:

    Dropping wi-fi sync and attempting to roll your own cloud solution seems like a very bad idea, given the current climate.

    Putting potentially sensitive information into “the cloud” is just not an acceptable solution anymore for many people, as the comments here clearly illustrate. Google and Microsoft scanning their users’ emails, government/NSA snooping and secret orders compelling cloud providers to hand over data – nobody can be fully trusted in the cloud. You’re opening yourself up for potential liability and erosion of customer trust here.

    Additionally, *financial* data in the cloud invites the attention of hardcore cybercriminals who are highly motivated to defeat whatever security you may have in mind, in order to obtain account numbers and other personally identifying information. Since your cloud solution will be solely for the purpose of storing financial info, you’ll be a big juicy target for them to attack. Is that really the kind of attention you want to invite upon yourself and your customers?

    Because of your plans to drop wi-fi sync, I actually found myself seriously contemplating one of your competitors’ products, after their big release announcement today. It didn’t last long, but the fact that I’d even fleetingly considered them a potential alternative to begin with does not reflect well upon you.

  23. Anup Says:

    This is great. This has been my single most gripe when I started using IBANK years ago. In today’s age if I have to go back home to sync my updates with my wife’s iPhone that’s totally unacceptable.
    Glad to see that you are working on it. Frankly to me, anything you do to remove the MAC as hub will be welcomed.

    I still don’t understand why can’t it be very simple like ICLOUD sync.
    Also what’s the ETA for this feature ? Will this debut in 5.2 as well ??
    Lastly is there a face lift planned for IBank mobile? It’s seems to be neglected.

  24. Private Andy Says:

    Well, I am sad to read this because I am a happy customer of iBank 5 and all associated apps. One thing is for sure I am not going to upload my finances to any company and especially not to one from US, no matter how good the security features are you are advertising. The data belongs to your government, see Microsoft. Go ahead and offer your cloud sync as an additional option for those who think the world is a good place. But removing your wifi sync will result in not upgrading iBank or removing it, hence one customer less for you. Are you having any links to the government? Who is behind IGG? It’s so generous of you guys to offer this feature for free, is any other party funding you? NO WAY!! Cheers

  25. BenK Says:

    So, with the recent announcement from Cloudsafe that they are going to be closing down on October 31, any updates on your sync solution? Any chance you’ll have it in customer’s hands in time for them to try it out before that date?

  26. paul Says:

    Have to agree with BenK, please speed it up, were about to lose cloudsafe

  27. David Lewis Says:

    For those customers who, for security reasons, prefer to sync only on a local network, may I suggest that you create a simple app or set of scripts that enables the WebDAV server already built into OS X? Assuming you are not removing WebDAV support, that would give a lightweight solution that did not require users to open iBank on the Mac, only that the Mac be alive on the network.

    Best,
    David

  28. Joey Says:

    When is this going to be done? Cloudsafe is shutting down and wifi sync, well… is just almost worthless because you have to be running iBank on both devices at the same time to sync. I like to sync as soon as I make entries and I’m not always at home.

  29. Dave Says:

    As stated above, please give an update on the timeline. Cloudsafe was a suggested option when old sync methods stopped working, and I spent a good amount of time creating multiple accounts for multiple devices and getting it all working again.

    I pay for iBank, and really do not desire to go through all that again with one of your suggested options (SwissDisk.com or DropDAV.com) in this article:
    https://www.iggsoftware.com/support/articles/ibank-5/cloudsafe-com-is-going-offline-in-october-what-are-my-other-options-for-webdav-sync/

    Please let us know!

  30. Dave Says:

    I contacted support and it sounds like the sync service won’t be setup until after Cloudsafe shuts down… I switched to Swissdisk (free 50Mb account), and it only took a couple of minutes. Here is an article if you need help:

    https://www.iggsoftware.com/support/articles/ibank-5/how-can-i-set-up-webdav-sync-using-swissdisk/

    I believe Cloudsafe was more involved because each folder/store you created had a separate encryption key/password.

  31. Joey Says:

    Thanks Dave. I’ll look into switching to Swissdisk to sync until the iBanks sync service goes live. Appreciate the solution.

  32. Stuart Schwartz Says:

    Great news!! I have been using the dropbox webdav for over two years now and would love a free solution. I had actually purchase a Mac server to create my own webdav instead.

    Would multiple Mac’s also be included in the model?

    Keep up the good work!

  33. Patrick Says:

    It is definitely exciting… But when? iOS 8 is now deployed and there is no update on the blog.
    A quick comment like “debugging another 2 weeks” or “pending App Store approval” would help confirm someone is looking at it …

  34. Troy Says:

    This is really great news and it will make this a complete group of applications. I’m not a least bit concerned if someone can potentially access information about when I by bread and milk.

  35. Peggy Says:

    This has been needed for a long time. I had to switch from could safe to Swissdisk and it hasn’t been as good. Continually having sync issues from mac side even though all passwords are good.
    When do you think this will be live?

  36. James Kirk Says:

    This looks like a great step forward, but it would be good to give us customers an estimate on the rollout of this feature

  37. Veneer Says:

    This is Great News ! For those of us having constant sync problems esp. since upgrading… When is it coming ???? What’s the roll out date ?

Leave a Reply