• @[email protected]
        link
        fedilink
        15 months ago

        Could you be more specific on what you’re talking about? I found the “Apple Platform Security” document, is that what you mean?

        • @[email protected]
          link
          fedilink
          1
          edit-2
          5 months ago

          Yes, that’s the successor document. You can also use the old iPhone 4 era iOS security guide, the file system details are not a fast moving target. The addition of the Secure Enclave changes things a bit.

          Anyway, the idea is that data only hits disk encrypted with a per-file key that is stored with the directory information. When you delete a file, the key is obliterated, rendering the deleted data unrecoverable from block storage. The explanation proffered by the journalist that data isn’t really deleted when you delete it from disk, doesn’t hold. Because it is. Or at least the key to it.

          A more likely explanation is spare copies either in the cloud or on the device not getting cleaned up. But deleted files on iOS are proper gone.

          • @[email protected]
            link
            fedilink
            15 months ago

            APFS’s per-file keys are super cool, I didn’t realize they were doing that. But do we know if the photos app is actually using the filesystem for storage? I don’t think photos show up in the files app, for instance.

            • @[email protected]
              link
              fedilink
              25 months ago

              They are on the file system in /private/var/mobile/Media, and no, they are not accessible using the file app. Apple, what can you do ;)