Yes, that’s the successor document. You can also use the old iPhone 4 era iOS security guide, the file system details are not a fast moving target. The addition of the Secure Enclave changes things a bit.
Anyway, the idea is that data only hits disk encrypted with a per-file key that is stored with the directory information. When you delete a file, the key is obliterated, rendering the deleted data unrecoverable from block storage. The explanation proffered by the journalist that data isn’t really deleted when you delete it from disk, doesn’t hold. Because it is. Or at least the key to it.
A more likely explanation is spare copies either in the cloud or on the device not getting cleaned up. But deleted files on iOS are proper gone.
APFS’s per-file keys are super cool, I didn’t realize they were doing that. But do we know if the photos app is actually using the filesystem for storage? I don’t think photos show up in the files app, for instance.
What makes you think iPhones are any different?
The iOS security guide, for example?
It’s a fascinating document.
Could you be more specific on what you’re talking about? I found the “Apple Platform Security” document, is that what you mean?
Yes, that’s the successor document. You can also use the old iPhone 4 era iOS security guide, the file system details are not a fast moving target. The addition of the Secure Enclave changes things a bit.
Anyway, the idea is that data only hits disk encrypted with a per-file key that is stored with the directory information. When you delete a file, the key is obliterated, rendering the deleted data unrecoverable from block storage. The explanation proffered by the journalist that data isn’t really deleted when you delete it from disk, doesn’t hold. Because it is. Or at least the key to it.
A more likely explanation is spare copies either in the cloud or on the device not getting cleaned up. But deleted files on iOS are proper gone.
APFS’s per-file keys are super cool, I didn’t realize they were doing that. But do we know if the photos app is actually using the filesystem for storage? I don’t think photos show up in the files app, for instance.
They are on the file system in /private/var/mobile/Media, and no, they are not accessible using the file app. Apple, what can you do ;)