Security researchers reverse-engineered Apple's recent iOS 17.5.1 update and found that a recent bug that restored images deleted months or even years ago was caused by an iOS bug and not an issue with iCloud.
Despite widespread reports from users and tech outlets confirming the alarming issue, Apple remained silent about the root cause, failing to address people's valid concerns.
Today's report can now ease people's concern that Apple was indefinitely storing media users deleted a long time ago, which would have been a massive breach of privacy.
Apple fixed the bug in iOS 17.5.1, which was released on Monday.
Reappearing images
Since the release of the public beta of iOS 17.5, iPhone users reported the unexpected re-appearance of deleted images on their devices. This bug made it into the final release, reaching a much broader user base and resulting in numerous reports of this problem on Reddit.
"I have four pics from 2010 that keep reappearing as the latest pics uploaded to iCloud. I have deleted them repeatedly," a user said in the Reddit thread.
"Same happened here photo from September 2022 just appeared out of nowhere in recents section in photos app , weird," reported another user.
Since the restored photos were a lot older than the 30 days iOS's "Recently Deleted" system is set to keep files for, it quickly became clear that something else was happening.
To make matters worse, Apple's silence left room for speculation, with some thinking Apple wasn't being transparent in their data policies to images not being properly deleted from memory.
Researchers give the answer
Analysts at Synactiv reverse-engineered the iOS 17.5.1 update that addressed the problem, examining the IPSW files and comparing the DYLD shared caches of the two versions to find changes.
Through this process, Synactiv identified significant changes in the 'PhotoLibraryServices,' specifically the 'PLModelMigrationActionRegistration_17000' function.
Source: Synactiv
Apple removed a routine in the function responsible for scanning and re-importing photos from the filesystem, which caused it to reindex old files on the local file system and add them back to people's galleries.
"Based on this code, we can say that the photos that reappeared were still lying around on the filesystems and that they were just found by the migration routine added in iOS 17.5," explained Synactiv.
"The reason why those files were there in the first place is unknown."
Although this finding reassures users that Apple isn't storing their deleted files on the cloud and "accidentally restoring" them one day, it also acts as a reminder that deleted files can persist in local storage until the blocks are overwritten with new data.
BleepingComputer contacted Apple multiple times regarding the photo-restoration bug and again to validate Synactiv's findings but have yet to receive a response.
Comments
theoldcoot - 1 month ago
Sorry, I still don't believe this. Apple has to come clean on this and to regain it's costumers confidence. They have to show us that the files we delete from a iPhone, Mac, iPad or any other device that is Apples is actually deleted. Until they I have no trust for Apple.
NoneRain - 1 month ago
Dude, photos were at the Files App.
The update had a function that reimported photos from places it should not, and then files in the Files App were scanned and reimported in the Photos App.
That's it. There's no magic black hole on your devices, neither is Apple storing all your bikini photos in a secret server.... The Synactiv report only comprove that.
NoneRain - 1 month ago
https://old.reddit.com/r/ios/comments/1cwgljj/regarding_the_ios_175_photo_glitch/
monk42 - 1 month ago
There seems to be a lot of misinformation surrounding this online, and Apple is not being entirely truthful here either. I have some information on this from some Apple insiders, but there are some gaps, so reverse-engineering might shed more light on it.
This has nothing to do with the Files app, nor does it have anything to do with re-indexing of the Photos library. This has to do with fighting CSAM. Apple has started (in this or a previous update), to scan your device (including deleted files) for anything containing nudity (search for "brasserie") and adding it to your photos library in a way that it is hidden. That way, anything that the models detect as nudity is stored in your iCloud database permanently. Apple is doing this because it allows them to screen for unknown CSAM material. Currently it can only recognize known fingerprints, but doing this allows them (and the other parties that have access to your iCloud data) to analyze unknown media.
The bug mentioned here accidentally made those visible to the user. The change visible updates the assets in the library in a way that removes the invisibility flag, hence people noticing that there are old nudes in their library that they cannot delete.
It's not something the user was supposed to see, and it is not something to be concerned about, because it is done for protection. There is a similar thing on macOS, where there is a separate, hidden iPhotos database for the same purpose (it's called Syndication, somewhere in the Library folder).
And speaking of deleting things, things are never really deleted. The iPhone keeps a record of messages you delete and media, inside the KnowledgeC database. This is often used for forensic purposes. Apple is migrating this to the Biome database, which has the benefit of being synchronized to iCloud. It is used to feed Siri with information, among other things. Anything you type into your devices, or fingerprints of anything you view are sent to Apple's servers and saved. Spooky, if you ask me. But the only way we can have useful digital assistants is when they have access to everything, that's just how it works.
NoneRain - 1 month ago
Ok, but where wild theory comes from? Care to share some source?
tech_engineer - 1 month ago
Apple had issues with deleting photos since many many many years, I remember that when my cousin deleted old photo to free the devices storage (didn't want to buy online storage), then when to empty the recycle bin (or whatever they call it on iOS), the storage was not freed. I remember having to change the device date and time to forward or backward to make it really empty the storage.
SamuelSung - 1 month ago
What can I say, it is Apple. I never trust them. Samsung all the way.
h_b_s - 1 month ago
While Apple's delete file feature iOS leaves much to be desired, you must have missed all the problems with Samsung's (lack of) software quality over the years. "I've never had any problems," doesn't mean problems don't exist, only that you didn't notice or brushed them off cuz "at least it isn't Apple".
Fanboism at it's finest. As mentioned at the end of the article, if you'd bothered to read it, nearly every computer/device has the same issue. Data remains on the storage device till it's EXPLICITLY over-written/cleared, not when you tap the delete icon. This is the case on Samsung devices as well. But it's deeper than that, almost all current OSes also have a second software abstraction layer on top of that where files are merely moved to another directory on the device till a time period has elapsed which can be any arbitrary length of time up to indefinitely. There's two reasons for this: first zeroing out data as soon as it's deleted significantly kills performance - as in it'll make a mobile device unresponsive till it's finished. The problem is less obvious on desktops and servers but still significant enough that it's rare to find filesystems that default to immediately clearing deleted data. The other reason is users can't be trusted to manage their own files. Millions of people accidentally delete files every single day then hit the ceiling if they were to discover they can't get them back, hence "trashcan". The problem isn't the OS. It would be doing what it's supposed to be doing. The problem is the user. The OS developers are just working around user fallacies (especially that one about neglecting backups).
SamuelSung - 1 month ago
Got you really riled up, haven't I? I did read the article, and I do know how widespread this issue is. So, have a cup of tea and chill my friend. Best Wishes, Peace and Love, Sam.
Sam Sung
~~~~~~~