iOS 17.5 seems to be experiencing a rather nasty bug that raises some very, very concerning questions about what Apple thinks “delete” really means.
After updating their iPhone, one user said they were shocked to find old NSFW photos that they deleted in 2021 suddenly showing up in photos marked as recently uploaded to iCloud. Other users have also chimed in with similar stories. “Same here,” said one Redditor. “I have four pics from 2010 that keep reappearing as the latest pics uploaded to iCloud. I have deleted them repeatedly.”
“Same thing happened to me,” replied another user. “Six photos from different times, all I have deleted. Some I had deleted in 2023.” More reports have been trickling in overnight. One said: “I had a random photo from a concert taken on my Canon camera reappear in my phone library, and it showed up as if it was added today.”
↫ Tim Hardwick at MacRumors
A report a few days later says that even on devices that have been wiped and sold, photos seem to be reappearing. This is even scarier than photos reappearing on devices you’re still using today – just think of all the iOS devices you’ve had and sold that might still be in use today. Users all over could be looking at old photos you took that you thought weren’t only deleted, but also wiped when you sold the devices in question.
Apple has not said anything yet, but it further illustrates just how untrustworthy companies like Apple really are. Even taking into account it might take some time (minutes? An hour?) for a delete request to propagate through iCloud’s server network, there’s obviously no way photos that were supposedly deleted years ago are resurfacing now – especially when entire device wipes are involved, and any new user isn’t even logged into the same iCloud account.
I hope for everyone involved – the users, that is, I don’t give a rat’s ass about Apple – that this isn’t very widespread, because the last thing any of us needs is old nude photos reappearing on random people’s devices.
What a mess.
A decade after the Fappening, iCloud is still a complete disaster.
All this PR bullshit on how strong Apple is on privacy and then you realize they are just creeps. As who would otherwise keep NSFW photos they got and stored by deception, after owner clearly wanted to delete them. And on top of that it doesn’t even matter, as the effect of realizing Apple is a creep will have exactly 0 effect in terms of diminishing user base.
I have jailbreaked my iPhones up to iOS 14.8 and have noticed that jailbreak files remain on the data/user partition even after a) full wipe from Settings, b) full DFU reinstall of current iOS from iTunes and c) full DFU iOS update from iTunes. So, yes, not ALL files are erased on-device, at least not up to iOS 14.8. Why should things have changed since then?
iOS does a LOT of indexing, telemetry and diagnostics – and I really mean A LOT of logging. My guess would be that there are background processes saving lots of user data, geolocation data, phone info, internet logs and deleted photos that are not erased during a content wipe. To what purpose, one can only guess…
Actually, with a jailbreaked iPhone is it quite easy to inspect various app files to discover that many of them log lots of user data such as your name, access data, geolocation data, various iOS info, UDID, IP address etc.
Yeah, Apple apps are excempt from the privacy controls on Apple devices. Ironically unlike Google apps on Android, which can be completely crippled (like denying the phone app’s right to use phone connections)
Hilarious.
“If you’ve done nothing wrong you’ve got nothing to hide” /sarcasm
Obviously a massive oversight somewhere, but I’m genuinely curious about the details.
Unfortunately this being apple, I don’t think they’ll ever share the details – some PR press release at best.
I’m not here to defend Apple, I hate them and I don’t use their products. But I would still take those user reports based on their recollections of actions that they think they performed with a large grain of salt. As a long-time admin of a small web forum I’ve received messages many times from users claiming that a post or a private message has gone missing. But after I diligently reconstruct the trail of events and reply to the user that there is no evidence of any problem their response is usually along the lines of “Oh yeah, I remember now that I actually didn’t send that message” or “Sorry, that post was actually on a different forum” etc. So especially in the case of an event as mundane as deleting a photo (how many photos have you deleted on your device(s) during the past week?) from a plethora of other possibly similar photos, it sure seems like user recollection won’t be 100% accurate.
Funny thing is that these photos were deleted when in actuality, the user or customer were just denied access to those photos. The next question is, ” If this is the case, If I disabled iCloud backup , Is it just the fact that I denied myself access to iCloud and the apps still syncing or sending my data to Apple, which includes banking, photos, passwords, and app settings?
Not that it’s an excuse, but many DB admins I know don’t know that when you delete a thing from a database like MySQL, it doesn’t actually delete anything. it justy marks the row as “deleted” internally – and only really cleans it up when you do a cleanup op later. In MySQL a TRUNCATE command will actually delete things, but in really big databases, you essentially can’t run that, because it locks the entire database for the duration of that operation, which is not a trivial amount of time. I can easily see that some app developer simply didn’t know that for 20 years, and had been relying on some naive understanding of what some delete operation does, and this actually happened from an attempt to address it. Just a guess obviously.
CaptainN–
I agree with your overall point. In particular unlinking/de-indexing the data isn’t the same as actually wiping the data sectors. Although I’d advise DB admins that “TRUNCATE” merely tells the file system to reclaim the storage. In the same strict sense that “DELETE” merely marks the table space as free but doesn’t overwrite any data in the table, “TRUNCATE” merely marks the space as free in the file system but doesn’t technically overwrite any data on the disk. And the NAND flash controller does the same thing, “TRIM” merely marks the NAND sectors as free but doesn’t overwrite the data.
All of these provide opportunities for deleted data to be recovered for a period of time until the true data sectors are actually overwritten.
Obviously end users will not understand this, but technical staff should. It’s far more efficient to unlink data than to scrub the media of every byte that it contained. This has nothing to do with apple, same would be true with google/microsoft/oracle/redhat/and so on. There’s probably all on similar footing there, but obviously it’s not normal deleted data to return without the use of low level data recovery tools. If that’s happening it’s a major flaw.
Perhaps this is happening because some storage media went offline (intentionally or not) at some point and then got reintroduced into the icloud data center without properly formatting them, bringing all the old files back to life. This could explain why apple accounts are getting old files, but even so it would still point to a broken process.
In MySQL though, you can literally query for all deleted records, and find them. They are still there until explicitly cleaned up. I’m not saying Apple’s photos is stored in MySQL – but I’d bet there is a similar mechanism at play, or something like a deleted flag in the store they use, which is probably tied in to whatever versioning meta data they keep. Anyway – it’s stupid, and someone should have had the forethought to go through these details for something as sensitive as photos. They deserve all the flack they take over this.
CaptainN-
How?
Here they cover two ways to recover deleted data, but it depends on how lucky you are, there is no guarantee the data won’t have already been overwritten.
https://stackoverflow.com/questions/6924823/how-to-recover-just-deleted-rows-in-mysql
If records were recently unlinked, there’s an open source tool to get them back.
https://www.percona.com/blog/how-to-recover-deleted-rows-from-an-innodb-tablespace/
The other method is to use the redundancy provided by binlog. Obviously it’s normally used to provide atomic transactions in case the system goes down in the middle of an operation. Recent insertions will be in the binlog, and so one could rerun insertion transactions for records that got deleted. But this storage also gets recycled and on a busy server old transactions are likely to be overwritten regularly.
Are these what you are talking about or something else? These could help recover some deleted records in a disaster recovery scenario, but I would not go so far as to suggest that deleted mysql records are never overwritten.
Most production systems don’t overwrite data immediately, in which case a low level recovery tool can often reveal data that hasn’t yet been overwritten. But obviously if icloud is making deleted data available to end users, something’s wrong. At the very least it’s a bug.
I’m also curious about spiderdroid’s point. Was apple icloud designed to keep files intact even after deletion and just hide them from users? If so it opens up a serious question around what the fix will be: will the fix delete the files for real? Or will the fix be to just hide the files from users? Apple are notoriously tight lipped about operations so I don’t expect we’ll be getting a straightforward answer unless there’s a whole lot of pressure by the media.
Yeah, it does not promise those files are around for a long time – but form experience, records do kick around for a while. But yeah, no guarantee.
” This is even scarier than photos reappearing on devices you’re still using today – just think of all the iOS devices you’ve had and sold that might still be in use today. Users all over could be looking at old photos you took that you thought weren’t only deleted, but also wiped when you sold the devices in question.”
I do not use Apple devices or iCloud, then I don’t understand this… If you sell your iPhone, do you sell it with your iCloud account together? Are the accounts “transferable” or permanently linked with each device? I don’t think so. Is it?
Are the photos and iCloud content linked to the DEVICE or ther user account? Why would the seller photos reappear in a sold iPhone supposing it was properly reset before selling it? Isn’t the new owner supposed to log in with his own iCloud account? I think it would only happen with people selling their devices without proper reset.
Yes, I know that a lot of people sell old pcs, hard-drives without wiping the contents, but the way it was described in by Thom is as if EVERY second hand iPhone will have this “old user photo reapearing issue” because of this bug linking the icloud with the device, not the account. (not apple user here, I repeat, I am just curious if is it the way it works with iOS)