Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

iOS 17.5 Bug May Also Resurface Deleted Photos on Wiped, Sold Devices [Updated]

LV426 said:
An iOS device is truly erased locally when you hit the erase button, because all flash memory access is marshalled through hardware requiring an encryption ID.
Click to expand...

As has been previously noted, the iPhone operation "Erase All Content and Settings" does not actually overwrite existing information stored on the device, but simply destroys the encryption keys and thereby prevents access. In theory, this should be adequate to protect the privacy of a user’s on-device information – assuming that Apple has implemented the "erase" process flawlessly.

To guard against the (improbable) case in which "erase" process does not function properly, I personally spend a few minutes to overwrite the iPhone storage before disposing of the device.
  1. Disable Find My (Settings | [Apple ID] | Find My).
  2. Sign out of the Apple ID (Settings | [Apple ID], scroll down and tap Sign Out).
  3. Erase content (Settings | General | Transfer or Reset iPhone | Erase All Content and Settings).
  4. Setup the iPhone as a new device in a minimal configuration state by completing the setup wizard, skipping steps in which personally identifiable information is requested (e.g., Face ID, Apple ID, WiFi/cellular connection, location services, etc.). At this point, the iPhone will only contain the default iOS system files and apps (about 10GB).
  5. On a PC/Mac, create a set of data files containing random bytes through a programming script (or obtain from a source such as here).
  6. Using iMazing, copy the random data files to the iPhone (see here) in order to overwrite the unused storage space. A notification “iPhone Storage Full” will appear when all free space has been overwritten.
  7. Erase content again (Settings | General | Transfer or Reset iPhone | Erase All Content and Settings).
While not technically perfect, this sequence of steps ensures, from a practical perspective, that a user’s information on an iPhone has been destroyed. Doing so is “peace-of-mind insurance” that on-device personal information will be unretrievable.
 
  • Like
  • Wow
Reactions: jwdsail, dreckly and Mescagnus
Pleonasm said:
As has been previously noted, the iPhone operation "Erase All Content and Settings" does not actually overwrite existing information stored on the device, but simply destroys the encryption keys and thereby prevents access. In theory, this should be adequate to protect the privacy of a user’s on-device information – assuming that Apple has implemented the "erase" process flawlessly.

To guard against the (improbable) case in which "erase" process does not function properly, I personally spend a few minutes to overwrite the iPhone storage before disposing of the device.
  1. Disable Find My (Settings | [Apple ID] | Find My).
  2. Sign out of the Apple ID (Settings | [Apple ID], scroll down and tap Sign Out).
  3. Erase content (Settings | General | Transfer or Reset iPhone | Erase All Content and Settings).
  4. Setup the iPhone as a new device in a minimal configuration state by completing the setup wizard, skipping steps in which personally identifiable information is requested (e.g., Face ID, Apple ID, WiFi/cellular connection, location services, etc.). At this point, the iPhone will only contain the default iOS system files and apps (about 10GB).
  5. On a PC/Mac, create a set of data files containing random bytes through a programming script (or obtain from a source such as here).
  6. Using iMazing, copy the random data files to the iPhone (see here) in order to overwrite the unused storage space. A notification “iPhone Storage Full” will appear when all free space has been overwritten.
  7. Erase content again (Settings | General | Transfer or Reset iPhone | Erase All Content and Settings).
While not technically perfect, this sequence of steps ensures, from a practical perspective, that a user’s information on an iPhone has been destroyed. Doing so is “peace-of-mind insurance” that on-device personal information will be unretrievable.
Click to expand...

Just for (my personal) kicks, I'll replace step 5 with 512GB of random cat photos :D
 
  • Like
  • Haha
Reactions: jwdsail, dreckly and Pleonasm
Heelpir8 said:
Maybe the author realized whatever happened was their bad.
Click to expand...
I bet so. What I said originally and think happened, assuming they weren't just trolling, is they'd simply shared an album with someone years ago, and forgotten about it.

The real bug that does exist, is a tech support person's nightmare. It's a perfect storm of real problem and cognitive bias.

I mean, let's say you know with 100% certainty the system is bug free, but tell 10,000 random users "hey, there's this totally real bug in your iPhone that will undelete photos you deleted years ago. Better comb through your thousands of photos and look for them."

I'd bet you at least 1,000 users will be certain they found at least a few photos that they are just cocksure they deleted. A few within those 1,000, will find photos they don't recognize at all. At least one guy will insist the government is broadcasting messages in his teeth or her skin has become magnetic.
 
  • Like
Reactions: poi ran
Mescagnus said:
iOS used to be a walled garden. Some big bugs were kept within the constraints of the walls. DMA required Apple to make fundamental changes to iOS. The changes broke the walls. The bugs are coming out.

Could this be the case?
Click to expand...
Are you really trying to blame the EU for this - that's one mighty stretch....

Edit: Or are you trying to say iOS is like a pus filled spot that just burst?
 
Silly John Fatty said:
I contacted Apple because apparently some apps could have access to my camera roll, microphone and camera even though I didn’t grant access in the privacy settings.

They played dumb telling me they don’t understand what I meant.

Then they ignored my messages. After I re-messaged them, they played dumb again, presumable not knowing what I mean.

I’ve said it often and I will repeat it. Apple is more and more of a trash company.

Low quality products and garbage software. That’s what Apple stands for these days.

Who tells us, in this world of global fights for power and influence, that Apple isn’t tracking us far deeper than they admit, with who knows what plans in mind?

The personal data about each of us a company such as Apple can amass is monstrous.

What if our devices record us and in the future you’ll just be able to buy this **** somewhere and take individual people down?

Look at movies, there is a high demand for dystopian films, many people like to be dystopian. It’s the philosophy and aesthetic of many. Google removed its "don’t be evil" motto.

A new generation of criminals, the first global digital criminals, might be on its way.

Look at how crazy Elon Musk is also. Or remember the scandals around Zuckerberg. A new generation of completely insane and unpredictable digital dictators seems to come to power.

Who knows what our Apple devices can really do. The design and the nice feeling of the material under our hands is just what we’re sold on. The actual thing with its actual functions is behind that but nobody really knows what it does, we can only trust it.

Remember when you could type in "bra" in your camera roll or something like that and it would show all cleavage photos or so? It was a glitch that showed what was happening behind the friendly user interface, the iPhone was collecting infos on what was seen in the photos and making categories without anyone knowing. Apple never mentioned it was doing this. When people found out due to a bug like in this new case here, Apple started finding excuses.

Democracy is in serious danger and it’s being fired at from all sides. I believe that Apple too might be firing at Democracy. We can still save it, though. It’s our most valuable asset and our global competitive advantage. Dictators from all over the world want to take it from us for exactly this reason.
Click to expand...
You can still search for any keyword including “bra” and pictures will show up. I find it useful but sure if someone has access to the library they can find what they’re looking for quickly and easily.
 
thecombatwombat said:
That article is so weird, it's basically dissonant. It's constantly walking this line between being really detailed about some things, yet vague about what happened. And the author is constantly patting themselves on the back for being some smart web3 entrepreneur, while also laying out how they ignorantly did the wrong thing at every turn.

I mean this, reads like a twelve-year-old's Law and Order fan fiction:

"The investigation later revealed that there were about 20 other victims. Most of them were women. He would make a lot of them do sexual things. I got a call from the sentencing officer who didn't know this was a thing. She said she's been around serial killers, murderers… bad people, and she's never had a worse feeling than interacting with this person."

He mentions the FBI before that, implying this is the US. What the heck is a "sentencing officer?" It's such weird nonsense.
Click to expand...
Did you even read the complete article? It was clear on what happend…
 
Furrr said:
Did you even read the complete article? It was clear on what happend…
Click to expand...
We are talking about the same article right, it is weird the original person didn't simply link to it:


It was not clear though. For example, what site lets you move crypto currency with an Apple ID? That's a really weird detail to leave out. I mean he implies Cash App and Venmo were involved and . . . neither of them use an Apple ID for, as best I can tell . . . anything? It makes no sense. He says it impacted his Chase and Amex accounts but again . . . neither use your Apple ID for anything, so what is he talking about other than vague nonsense?

Who was the person who got caught? If this guy is some big not to be messed with journalist, and this shadowy figure is now in custody and in court, name them. That's what a big tough not to be messed with journalist entrepreneur web3 manly man hiding his shame from his wife would do.

And further, again, what jurisdiction is all this law enforcement? They at least strongly imply it's in the US, but then describe something that is just absolutely not how the US process would go there.

And to get just ridiculous with it, that infographic, he attributes it to a Wall Street Journal article, but of course, vaguely, doesn't link to it. Searching around for it, it seems to actually just be some nonsense going around linkedin. It it was from a WSJ article, it's one they wildly misunderstood, as it was about stealing phones themselves after getting the passcode, not about an attack at all like they describe.

Not doing those things, is what I am calling vague. I mean if that's not vague, what is?

Also just come on:

"I want to make sure this never happens to anyone else. I’m about to receive a refund from Apple for all of the purchases I made over the past 20 years as compensation — and would like to share these top tips for other victims:"

No he's not. Twelve-year-old's fan fiction. That's just silly. And would have some evidence. Apple does not do that, that's not how legal things work.
 
Last edited:
  • Like
Reactions: Arctic Moose
Agilis said:
I figured you would.

The very definition of edge case scenario:

“In software development and testing, an edge case is a problem or situation that falls outside normal procedures and on the boundary of your operating framework. Essentially, when you test for an edge case you're checking how your software behaves under unexpected or rare conditions.”

Now I said a developer will account for every scenario they can.

- Imagination
- Motivation
- Experience
- Time Allocation

These all fit under the developer’s experience.

What a developer does not find is considered an edge case scenario. If the QA department does not find a particular scenario then end users will.
Click to expand...
Well this time I do agree with everything you've said. Except for this:

"What a developer does not find is considered an edge case scenario".

Hoo boy! Consider by who? God? Actually no!

End users, and me, with my team leader hat on, would find that comment extremely funny. It's considered by everyone (bar one obviously) a missed hit, a fail. If a developer does not find a bug before promoting to QA, and both QA & UA also misses it, no matter how the dev wants to spin it, it's a fail. Otherwise, what are you going to do? Tell the user they're doing it wrong because they broke your code? Hmmm... that sounds eerily familiar in Apple's case... :)

In such situations the dev had better be doing some serious thinking about their own methodology. If they are not prepared to do that, probably would be best to start looking for another job outside of programming. Motivation is everything. Ego is an obstacle to growth. That's why we get the big bucks.

I gotta say, in the instances of really slack programming events I encountered during my career (from self taught enthusiast > college > junior trainee > team member w/mentorship > team member > group leader > freelancer > and beyond) most devs that got their code kicked back from production to dev were mortified and learned from the experience.

Those that didn't learn from experience eventually faded away into other careers.
 
rehkram said:
Well this time I do agree with everything you've said. Except for this:

"What a developer does not find is considered an edge case scenario".

Hoo boy! Consider by who? God? Actually no!

End users, and me, with my team leader hat on, would find that comment extremely funny. It's considered by everyone (bar one obviously) a missed hit, a fail. If a developer does not find a bug before promoting to QA, and both QA & UA also misses it, no matter how the dev wants to spin it, it's a fail. Otherwise, what are you going to do? Tell the user they're doing it wrong because they broke your code? Hmmm... that sounds eerily familiar in Apple's case... :)

In such situations the dev had better be doing some serious thinking about their own methodology. If they are not prepared to do that, probably would be best to start looking for another job outside of programming. Motivation is everything. Ego is an obstacle to growth. That's why we get the big bucks.

I gotta say, in the instances of really slack programming events I encountered during my career (from self taught enthusiast > college > junior trainee > team member w/mentorship > team member > group leader > freelancer > and beyond) most devs that got their code kicked back from production to dev were mortified and learned from the experience.

Those that didn't learn from experience eventually faded away into other careers.
Click to expand...
While this bug certainly may turn out to be a real thing, it more and more seems it isn't.

But man, all this self-aggrandizing rambling about it is the funniest thing I've seen in weeks at least.

"Motivation is everything. Ego is an obstacle to growth. That's why we get the big bucks."

The bigger bucks would be in a linkedin parody account. Ten years ago.
 
  • Like
Reactions: Agilis
Jonnsnow said:
Lol the redditor not only deleted that post but also EVERY SINGLE COMMENT he ever posted

whats interesting is that he also deleted another post where he was asking people if he should report his teaching assistant in his local university

This is important because a tech support guy left a comment stating:

“One of the rules of troubleshooting is never take what a user says at face value. They swear up and down they rebooted the computer? Don't take that at face value, dig a little further with a couple questions, and you find out all they did was turn the monitor off and back on.”

Link to comment: https://www.reddit.com/r/ios/s/pLhMFSp5TF

OP responded by stating that they also work as a tech support, while the other reddit posts from only a couple months ago suggests they’re in uni/college in a completely different unrelated field?

You cant verify this for yourself since he deleted everything but heres a comment corroborating what i’m saying (i saw the posts & comments myself a few days ago btw)

“Homie you keep saying you work in tech support but six months ago you were trying to report your TA at U Vic.”

Link to comment:
https://www.reddit.com/r/ios/comments/1cspwh2/_/l4a2gu0
Click to expand...
I don't believe the story one bit, not unless we see other people step forward with proof of it happening to them. It's a shame MacRumors hasn't updated the story to reflect how much doubt has been cast.

That being said, you can totally work in tech support while working on a university degree. I was fortunate enough to land a job with the campus IT staff before I even finished my first year. Not saying the Reddit post isn't ********, but this isn't necessarily a mark against it.
 
  • Like
Reactions: Agilis, thecombatwombat and iGeneo
scoott said:
I don't believe the story one bit, not unless we see other people step forward with proof of it happening to them. It's a shame MacRumors hasn't updated the story to reflect how much doubt has been cast.

That being said, you can totally work in tech support while working on a university degree. I was fortunate enough to land a job with the campus IT staff before I even finished my first year. Not saying the Reddit post isn't ********, but this isn't necessarily a mark against it.
Click to expand...
Agreed. Feel like Macrumors jumped the gun on posting the original story. With something THIS serious, there should have been some kind of confirmation or actual proof. This is the kind stuff companies sue over.
 
  • Like
Reactions: Mescagnus
rehkram said:
Well this time I do agree with everything you've said. Except for this:

"What a developer does not find is considered an edge case scenario".

Hoo boy! Consider by who? God? Actually no!

End users, and me, with my team leader hat on, would find that comment extremely funny. It's considered by everyone (bar one obviously) a missed hit, a fail. If a developer does not find a bug before promoting to QA, and both QA & UA also misses it, no matter how the dev wants to spin it, it's a fail. Otherwise, what are you going to do? Tell the user they're doing it wrong because they broke your code? Hmmm... that sounds eerily familiar in Apple's case... :)

In such situations the dev had better be doing some serious thinking about their own methodology. If they are not prepared to do that, probably would be best to start looking for another job outside of programming. Motivation is everything. Ego is an obstacle to growth. That's why we get the big bucks.

I gotta say, in the instances of really slack programming events I encountered during my career (from self taught enthusiast > college > junior trainee > team member w/mentorship > team member > group leader > freelancer > and beyond) most devs that got their code kicked back from production to dev were mortified and learned from the experience.

Those that didn't learn from experience eventually faded away into other careers.
Click to expand...

You just like hearing yourself talk it seems. And you definitely seem like you enjoy shoving your “experience” down people’s throat until they succumb to your “expertise.”

Laugh all you want, however I develop for an enterprise level company & I will not be naming that company. Our QA team is trained on all the operations that can be performed on within a given interface. Our QA team is solely responsible for finding & discovering scenarios that break the UI or create anomalies that result in corruption or mishandled error exceptions.

I have worked as a .NET Developer for over a decade. And Senior Lead Developer for a decade more. You paint a wonderful picture on how a standard development workflow should work and that’s great & works for small business but at an enterprise level developers code and that’s it. That is why I said in an earlier post, developers will account for every scenario they can but at an enterprise level, developers do not have the time to think of the edge case scenarios. That is and will always be the QA’s job.

“Motivation is everything. Ego is an obstacle to growth. That's why we get the big bucks."

Says the person posting with one of the biggest ego’s in this thread. Wow.
 
thecombatwombat said:
While this bug certainly may turn out to be a real thing, it more and more seems it isn't.

But man, all this self-aggrandizing rambling about it is the funniest thing I've seen in weeks at least.

"Motivation is everything. Ego is an obstacle to growth. That's why we get the big bucks."

The bigger bucks would be in a linkedin parody account. Ten years ago.
Click to expand...
Right. They say that yet they are leaving paragraphs for comments making sure others know they are the smartest in the room. But remember, ego is an obstacle to growth. Oof.
 
Reddit user removed post


Likely when they received notice from apple legal that if they couldn’t 100% support their assertion they’d be sued into oblivion, as they would be if they mentioned they’d received such a letter.

Probably it wasn’t true, but I don’t doubt for a second the corporate apple would crush anyone mentioning it, if they weren’t 100% sure. Which I suppose is somewhat fair given the insane fallout this could have.
 
  • Like
Reactions: SmugMaverick
j26 said:
Are you really trying to blame the EU for this - that's one mighty stretch....

Edit: Or are you trying to say iOS is like a pus filled spot that just burst?
Click to expand...

Not blaming EU :) Just thinking if Apple has been sitting on a growing pile of bugs that the recent mandated changes to iOS have now unearthed.
 
scoott said:
I don't believe the story one bit, not unless we see other people step forward with proof of it happening to them. It's a shame MacRumors hasn't updated the story to reflect how much doubt has been cast.

That being said, you can totally work in tech support while working on a university degree. I was fortunate enough to land a job with the campus IT staff before I even finished my first year. Not saying the Reddit post isn't ********, but this isn't necessarily a mark against it.
Click to expand...
Sure, im not doubting the possibility of a uni student being able to work while studying

Its just that this was brought up quite conveniently for the first time ever in response to the IT guy questioning him

On top of that, the class the TA was teaching in was entirely unrelated to IT (it was biochemics, lab related iirc)

Im assuming here, but surely your degree must have been related to the IT job you did, right?

EDIT: apparently the reddit user has deleted their account u/animatoramazing190
 
Last edited:
Jonnsnow said:
Im assuming here, but surely your degree must have been related to the IT job you did, right?
Click to expand...
In my case yes, but not the case for many folks I worked with.

Still, doesn’t lend much credence to the the OP’s story, especially if he deleted everything afterwards.
 
How would this even make sense for devices that are wiped and sold / traded in / gifted?

Data would be encrypted with the user's credentials that were entered at setup. When the device is wiped, that leftover data can no longer be able to be decrypted, even when the device is set up again because the credentials and key are now different than the original.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back