Earlier today, Apple issued a fix in iOS and iPadOS 17.5.1. Patching buggy software is a good, normal thing. But that’s not the issue here. The issue is that the fix “addresses a rare issue where photos that experienced database corruption could reappear in the Photos library even if they were deleted” — and that’s all Apple has to say about it.
On iOS, deleted photos technically spend 30 days in the Recently Deleted folder before disappearing for good, but the intent to send a photo to digital oblivion is still there. A reasonable person would expect a deleted file to stay that way. That’s why it’s understandable that people freaked out last week when photos deleted years ago had suddenly reappeared in their iPhone photo library.
Screenshot: iPadOS
This is obviously a privacy concern. It raises valid questions as to how Apple stores photo data and whether iPhone owners can truly trust that their deleted data is actually deleted. The Verge has reached out to Apple multiple times to comment publicly on the matter but has yet to receive a response. Doing so would at least shed light on why this bug happened, what’s been done to fix it, and what it’s doing to ensure that this won’t happen again. However, Apple has yet to respond.
What’s troubling is that, so long as Apple remains silent, we have no idea of how far this bug goes. Some iPhone owners have reported the same thing happening with deleted voicemails. Did the bug only impact people who use iCloud photo backups? Another post claimed that old photos appeared on an iPad that was sold to another person. All today’s fix confirms that this bug did exist, it was a problem, and it had something to do with database corruption. And by ignoring requests to comment publicly on the matter, it doesn’t impart confidence that this won’t happen again.
Sure, you could push your glasses up your nose and say, “Well actually, no file is ever really deleted until it’s overwritten...” And while that is true, a reasonable customer would expect that when Apple says a deleted file is permanently deleted, this sort of thing shouldn’t even be possible.
Mistakes and goofs happen. Cybersecurity researchers find bugs and vulnerabilities all the time. Often, they report the issues to the companies involved before they can be exploited and only divulge the weaknesses after they’ve been fixed. It’d be reasonable if Apple wanted to wait until the bug was fixed to prevent bad actors from exploiting the situation. However, that doesn’t give them the pass to stay mum on the issue forever.
If anything, Apple ought to comment simply because it markets itself as a company that cares about your privacy. It’s spent countless WWDC keynotes talking about software updates to keep your data encrypted so that not even Apple knows what’s going on on your phone. That you can trust its services because privacy is a fundamental, core tenet of its philosophy. Responsible disclosure and transparency are the hallmarks of a company that truly believes in protecting your privacy. Brushing things under the rug? Not so much.