iCloud sync vs cloud accounts for your todo list
What actually happens to your tasks under each model, and how to think about the trade-offs.
Every modern todo app needs to sync between devices. There are two common ways to do that, and they look identical to the user once everything is set up. They are not identical underneath. The differences matter for privacy, for reliability, and for what happens the day the app’s company gets acquired or shuts down.
This post is a comparison of the two models without taking sides. Each is a defensible choice. The point is to understand which one you are getting when you pick a todo app, because nobody at the App Store listing screen tells you.
Model one: iCloud sync
iCloud sync, in the context of a Mac todo app, almost always means the app uses one of Apple’s frameworks called CloudKit, plus a small key-value store called NSUbiquitousKeyValueStore for very small payloads.
When you toggle a task as done in an iCloud-synced app, the app writes the change locally on your Mac and asks Apple’s CloudKit infrastructure to propagate it to your other devices. Your iPad, your other Mac, anywhere you are signed in with the same Apple ID, sees the change shortly after.
What you should know about this model:
- There is no developer account. You did not sign up for anything. There is no separate password. You authenticated with your Apple ID by signing in to iCloud at the OS level, which you almost certainly already did.
- The data lives in your iCloud account, not the developer’s. When you delete the app, your iCloud data stays in your account until you remove it from System Settings.
- The developer cannot see your data on their servers, because they do not have servers. They have to ask Apple’s CloudKit to do the storage. Whether the data is end-to-end encrypted depends on Apple’s iCloud settings, not the app developer’s choice.
- Sharing across users is hard or impossible. iCloud sync is designed for one user with multiple devices. If you want to share a list with a partner or coworker, this model usually does not support it.
- The app cannot scale to a web client. There is no Apple-blessed way for a non-Apple device to read your iCloud data. You will only see your tasks on Apple devices.
This model is right for a private personal todo list that you use only on your own Apple devices. It is the lightest, simplest, most private option.
Model two: cloud accounts
A cloud-account todo app runs its own backend. You create an account with the developer, give them an email and password, and your tasks are stored in their database. Sync between devices happens through their servers.
What you should know about this model:
- The developer has a copy of your data on their servers. Most encrypt it at rest. Most do not encrypt it end-to-end. The developer’s employees, in most cases, can technically read your tasks if they had to, even if their policies say they will not.
- There is an account to manage. You can be locked out if you forget your password. The developer can suspend your account. The developer can change their pricing.
- Sharing is easy. Multiple users with multiple accounts can be invited to the same list. This is the actual reason this model exists. Real collaboration requires a shared backend.
- There is usually a web client. You can open your todo list in a browser on a Windows machine or a Linux box at work. This is genuinely useful for many people.
- The app’s survival depends on the company. If the company gets acquired, the new owner inherits your data. If the company shuts down, your data goes with it unless they offer an export.
This model is right for a todo app that needs cross-platform access, or that needs to support actual collaboration with other people, or that hooks into a larger workspace product like Notion or Asana.
What is actually different in practice
The user-visible differences are smaller than they sound. Both models sync. Both models work offline and reconcile when you reconnect. Both models can be fast. Both models can lose your data if the developer is sloppy.
The differences are mostly about who has the data and who you are trusting:
| iCloud sync | Cloud account | |
|---|---|---|
| Who stores it | Apple, in your iCloud account | The app’s company, on their servers |
| Who you trust | Apple’s iCloud team and the app developer | The app’s company and Apple |
| What account is required | Your Apple ID (already have it) | A new email and password with the developer |
| Survives company shutdown | Yes, your local data is unaffected | Depends on whether they offer an export |
| Web client possible | No | Usually |
| Sharing with other users | No | Usually |
| Data deletion | System Settings on your Mac | Some account-deletion flow on the developer’s site |
The right answer is whichever model matches what you actually need. Most personal todo lists, for one user across one or two Macs, are well served by iCloud sync. Most team todo lists, or todo apps that double as a knowledge base shared with others, need a cloud account because the collaboration is the point.
A note on end-to-end encryption
Both models can claim “your data is encrypted.” That phrase is doing a lot of work and it usually means encryption at rest on the storage server, which is the bare minimum, not end-to-end encryption. End-to-end means the company that runs the storage cannot read your data even if they want to. Standard server-side encryption means they can.
Apple’s iCloud has historically used standard server-side encryption for most categories. As of late 2022, Apple has offered an opt-in feature called Advanced Data Protection that turns on end-to-end encryption for many iCloud data categories. If you are using a Mac signed in to an Apple ID with Advanced Data Protection turned on, your iCloud-synced todo list is end-to-end encrypted between your Mac and Apple’s servers. If you have not turned that on, it is not.
The cloud-account model can also offer end-to-end encryption, but only a small minority of todo apps actually do. It is hard to implement and it limits some features (you cannot offer search inside the encrypted blob without solving some hard cryptography problems first). Most cloud-account todo apps just say “encrypted” and mean “the disk on our database server is encrypted, but we hold the keys.”
This is not a moral judgment. Standard encryption is fine for most data. If you are not handling secrets, you are probably okay either way. The point is to be honest about what you are getting.
What TodoBar does
TodoBar uses iCloud sync via Apple’s NSUbiquitousKeyValueStore. There is no TodoBar account. There is no TodoBar server. Your tasks live on your Mac and in your private iCloud account. We described this in detail in the privacy policy for anyone who wants the full mechanics.
The trade-offs are the ones described above. You cannot share a list with another person. You cannot open your tasks in a browser on a Linux machine at work. The model is meant for one user with one or more Macs, which is the actual use case for a menu bar productivity utility.
If you need shared lists or web access, TodoBar is probably not the right tool. There are excellent cloud-account apps for that case. They are a different category of software for a different job. Both can be good. It depends on what you are actually trying to do.
TodoBar is a friendly menu bar todo list for macOS. Plain-English due dates, global hotkey, iCloud sync. Pay once, yours forever.
Get TodoBar on the App Store