![\"\"](\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2024\/05\/woman-with-concerned-worried-upset-face-looking-at-her-iPhone-600x350-1.jpg\")
<\/p>\n<\/p>\n
Apple released iOS 17.5 and iPadOS 17.5 last week, which included fixes for several security vulnerabilities<\/a>. But these updates also seemed to introduce a serious bug. Some users found that photos that they deleted years ago\u2014some of a sensitive nature\u2014suddenly showed up in the Recents album again, as though they were new.<\/p>\n And some people who purchased used or refurbished iPhones or iPads reported seeing previous owners’ deleted photos on their device.<\/em><\/p>\n Let’s break down what we know, what Apple has said about it, and how to resolve the problem. (Updated to add Apple’s statement from May 23)<\/strong><\/em><\/p>\n In this article:<\/em><\/p>\n People may have sensitive photos in their Photos library. In some cases, they may be of the “not safe for work<\/strong>” variety. Many people also take photos or screenshots of sensitive documents. These may include passwords<\/strong>, FileVault or user account recovery codes<\/strong>, two-factor authentication QR codes<\/strong>, completed medical forms<\/strong>, social security cards<\/strong>, credit cards<\/strong>, etc.<\/p>\n People take pictures of many things, and they expect that Apple will keep their photos private. Apple says in its advertising campaigns: “Privacy. That’s iPhone.”<\/p>\n And if your own photos of any sensitive nature\u2014whether nudity, passwords, medical info, or otherwise\u2014show up on a device that no longer belongs to you, then some of the most sensitive parts of your life may be exposed. That’s the allegation from a couple of user reports, anyway; there hasn’t been any hard evidence to support such a claim.<\/p>\n As implied by those couple of unverified reports, even users who hadn’t updated to iOS 17.5 or iPadOS 17.5 could still have had their “deleted” photos appear on a device they sold some time ago, which now belongs to someone who did install the 17.5 update. Update:<\/strong> Apple claims that such user reports were “false.”<\/a><\/p>\n MacRumors<\/a>\u00a0referenced a Reddit thread<\/a> that has some rather disturbing reports from users. The first post reads:<\/p>\n Erm, so yeah. Very creepy. Thoroughly freaked out.<\/p>\n Just completed the update. When in conversation with my partner, I went to send a picture and saw that the latest pictures were nsfw material we\u2019d made years ago when we were living apart (covid etc). But WTF. It was permanently deleted. Years ago but magically it\u2019s back?? I checked my iPad and it also has pictures (some art work I did years ago). I feel so uncomfortable. Anyone else got this issue? I mean with pictures coming back post update?<\/p><\/blockquote>\n Over 200 comments later, many users confirmed that something similar happened to them as well. This said, the original poster has deleted their post<\/strong>\u00a0without explanation, though the long comment thread remains.<\/p>\n Beta testers had similar findings, and posted about them a week before iOS 17.5 and iPadOS 17.5 were released to the public:<\/p>\n A photo I took two years ago has suddenly reappeared at the top of my photos app. I regularly delete photos from my photo library to export them to my PC, which makes this even stranger. It should’ve disappeared from my iPhone completely since that data should eventually become corrupt as new data is written. My only explanation is that somehow this photo has remained in iCloud. Has this happened to anyone else before?<\/p><\/blockquote>\n It’s problematic that beta testers flagged the problem ahead of a widespread release, but Apple went ahead and released the updates anyway.<\/a><\/p>\n Many users securely erase and then sell, give away, or donate their old Apple devices. Users expect that if they go through Apple’s secure erase procedures<\/a>, their devices will be thoroughly wiped of all old data, never to be recovered. (And we have every reason to believe that such is indeed the case, in spite of reports to the contrary.)<\/p>\n But in a couple of unverified reports, users with used or even refurbished devices found that they were seeing photos showing up under Recents that, they claim, never belonged to them.<\/p>\n From one report<\/a> from Reddit, highlighted<\/a> by MacRumors:<\/p>\n I wiped the iPad using official Apple guides before selling. I never logged into that iPad with my Apple ID after erasing the iPad. I sold my iPad to a friend in September 2023, they called me today after updating to iPad OS 17.5 and said my old pictures appeared in their Photos app… HUGE PRIVACY VIOLATION. I see other reports of this. How many people will get other people’s photos on the devices they bought from other people?<\/p><\/blockquote>\n Allegedly, Apple was resurfacing images that had belonged to the original device owner, even though the iPad had supposedly been securely wiped<\/a> and was using a different Apple ID.<\/p>\n Another MacRumors forum user later commented<\/a>:<\/p>\n I had an old random photo from 2004 show up in my library with EXIF data that was from a camera I never had in my life. My iPad Pro is an AppleCare replacement from last year.<\/p><\/blockquote>\n So, allegedly, the issue also happened with refurbished units that Apple itself distributed or sold to its customers. However, it’s entirely plausible that either of these users may have simply been mistaken, or might have made up their stories for attention.<\/a><\/p>\n The issue may not be merely isolated to photos (and perhaps videos) from the Photos app. There has also been an unverified report of deleted or already-listened-to voicemails reappearing as new. A developer named Stacey Smith commented<\/a> on X:<\/p>\n After upgrading to iOS 17.5 on my Xr, voicemails that I had already listened to or deleted reappeared. Before the update, I had only one unheard voicemail, but now I have 26.<\/p><\/blockquote>\n <\/a><\/a><\/p>\n It did not take long for this to spark a discussion about privacy. Let’s look at what Apple says about data retention, specifically as it pertains to iCloud Photos and iCloud in general.<\/p>\n From Apple’s support page titled “Delete and recover photos and videos on iCloud.com<\/a>“:<\/p>\n When you delete a photo or video from Photos on iCloud.com, it\u2019s also deleted from all your devices that have iCloud Photos turned on<\/a>. If you change your mind, you have 30 days to recover it before it\u2019s permanently deleted.<\/p><\/blockquote>\n From Apple’s legal page titled “Apple ID & Privacy<\/a>“:<\/p>\n iCloud Backup<\/strong> Retention<\/strong> There are no specific mentions of Photos in the retention section, and what is there only applies to deleted Apple IDs. Apart from that, iCloud Backup retains data for up to 180 days. Photos that you delete and later wish to recover can be recovered on iCloud.com for up to 30 days.<\/p>\n Nothing here explains how photos from years ago could (allegedly) suddenly re-appear, let alone on devices that no longer belong to you, if those devices are not signed into your Apple ID. Therefore, the existence of a couple of unverified user reports that seemingly challenge this documentation should be viewed with skepticism.<\/a><\/p>\n If those handful of reports were to be believed, it might seem as though there may have been a problem with some serious privacy concerns. At the time, we could only speculate as to the cause of this alleged issue.<\/p>\n We do not know how Apple treats data on its servers, apart from what the company tells us in its public statements. Likewise, we cannot know precisely how data stored in iCloud is tied to a user or device. We can assume that data is tied to an Apple ID, but for old photos to allegedly show up on a wiped and sold iPad, if true, could hypothetically mean a device’s serial number or other unique identifier might factor in somehow (although we suspect not). Some have suggested that Apple’s erase-and-reset process<\/a> might be flawed\u2014though that’s extremely unlikely, and there’s scant evidence to support that theory. (Update:<\/strong> Apple has now claimed that users’ reports insinuating that photos may have been left behind after a secure erase were “false;” read on for more details.)<\/p>\n Apple issued a software update on Monday for iOS and iPadOS, staying that there was “a rare issue where photos that experienced database corruption could reappear in the Photos library even if they were deleted<\/strong>.”<\/p>\n How exactly does a photo itself “experience database corruption”? Given that the problem occurred on wiped devices signed into a different Apple ID, Apple’s statement might mean that an iCloud Photos database on an Apple server<\/em> became corrupted. Perhaps an old, corrupted Apple database came back online recently, or was put into production (possibly mistakenly), and that caused deleted photos to return to the devices that formerly had those files on them.<\/p>\n But even that theory doesn’t fully explain what happened. That would seem to imply that iCloud Photos might had some kind of unique identifier tag on photos that associates them with a particular device to which they should be restored, and that there wasn\u2019t a validation check in place to verify that the same Apple ID was still associated with that device before restoring the photo. It would also seem to imply that, if there was a validation check, it may have occurred on the device side before 17.5, rather than the server side, since users of 17.4.1 and earlier weren’t experiencing the same issue.<\/p>\n It’s unlikely that the “Erase All Content and Settings” feature<\/a> may have been flawed for years, leaving unencrypted images behind on the device instead of truly erasing everything; there’s insufficient evidence to suggest that’s the case.<\/p>\n We’ve reached out to Apple for clarification, but Apple has not responded. Update:<\/strong> Apple responded to 9to5Mac; see below.<\/p>\n So far, reports have not indicated whether or not macOS Sonoma 14.5 or watchOS 10.5 may have been impacted by this flaw.<\/p>\n Update:<\/strong> On Thursday, May 23, Apple responded<\/a> to 9to5Mac’s inquiry about the bug. Some relevant excerpts:<\/p>\n Apple confirmed to me that iCloud Photos is not to be blamed for this. Instead, it all boils to the corrupt database entry that existed on the device\u2019s file system itself.<\/p>\n According to Apple, the photos that did not fully delete from a user\u2019s device were not synced to iCloud Photos. Those files were only on the device itself. However, the files could have persisted from one device to another when restoring from a backup, performing a device-to-device transfer, or when restoring from an iCloud Backup but not using iCloud Photos.<\/p><\/blockquote>\n In other words, Apple claims that there was not<\/em> a database corruption issue on iCloud servers. Rather, the database corruption happened in the Photos Library on individual devices.<\/p>\n Since users typically transfer their data when upgrading to a new device, that corrupted database (and any orphaned photos) got copied over.<\/p>\n Apple also claims that images will never resurface on a device that had been properly wiped following its Erase All Content and Settings procedure<\/a>. According to Apple, any claims suggesting that photos might have remained behind after a secure erasure are “false.”<\/p>\n If that’s true, then perhaps the original report from the person who sold their iPhone to a friend, and the later report about the AppleCare replacement iPad having a mysterious photo from 2004\u2014if true at all\u2014could have been caused by something else. Our working theory, as discussed on this week’s Intego Mac Podcast episode 345<\/a>, is that these two users may have at some point received the photos from someone via AirDrop, or may have downloaded them from a text message or another source, and had simply forgotten about them after deleting them years ago.<\/p>\n\n
Why does it matter if old photos resurface?<\/h3>\n
Early reports of deleted photos resurfacing on users’ own devices<\/h3>\n
Reports of deleted images reappearing on second-hand iPhones and iPads<\/h3>\n
Voicemails also reportedly reappeared for some users<\/h3>\n
What does Apple’s documentation say about data retention?<\/h3>\n
\nTo completely remove your backup data from iCloud, you can delete your individual backups before turning off iCloud Backup. Otherwise, the backup data will be retained for up to 180 days.<\/p>\n
\nWhere we delete an account, we make our best efforts to delete all personal data associated with your account. If we delete your personal data, we will both render certain personal data about you permanently unrecoverable and also de-identify certain personal data.<\/p><\/blockquote>\nHow did this happen?\u00a0(Updated)<\/strong><\/h3>\n
![\"\"](\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2024\/05\/ios-update-deleted-photos.jpeg\")
<\/p>\nApple finally clarifies what happened<\/strong><\/h4>\n
Apple alleges that reports of someone else’s photos appearing were “false”<\/strong><\/h4>\n