Apple, a company that doesn’t shy away from touting itself as a privacy-conscious tech brand, proved that it was just like everyone else when a critical bug affected iPhone users running iOS 17.5. For those unfamiliar, iPhone users noticed that previously-deleted photos reappeared on their device and in iCloud after installing the iOS 17.5 update. This perplexed users, and potentially indicated a bigger problem with Apple’s cloud storage practices. That’s because some deleted photos dated as far back as 2010.
As it turns out, the bug didn’t have anything to do with iCloud at all. Apple’s iOS 17.5 update started restoring deleted photos due to a flaw with the way flash storage works, and that means it could happen on any of our favorite Android phones too. It was Apple that suffered from it this time, but it could be Google, Samsung, or another manufacturer the next time. Here’s what happened, how flash storage caused the problem to begin with, and how you can protect yourself — and your Android phone — moving forward.
iPhone 15 Pro Max review: The phone everyone else is choosing
The bubbles might be bluer, but is the grass greener?
What really happened with this iOS photo bug?
iOS 17.5 started restoring deleted photos and uploading them to iCloud
There was a lot of speculation about what caused iOS 17.5 to start redownloading once-deleted photos, and that’s because Apple didn’t tell anyone exactly what went wrong. It simply patched the issue with the release of iOS 17.5.1, and said the following in the update’s release notes:
This update provides important bug fixes and addresses a rare issue where photos that experienced database corruption could reappear in the Photos library even if they were deleted.
Though the update acknowledged the issue and provided a fix, Apple originally didn’t clarify what went wrong or what it would do to prevent the same thing from happening again. Initially, we thought this was all Apple would say about the critical bug, which restored sensitive photos and some sexually-explicit ones, per user reports. Due to the severity of this problem, that approach would have been extremely disappointing, but Apple followed-up the release of iOS 17.5.1 with a proper explanation later in the week.
If you or someone you know was affected by this bug, note that iOS 17.5.1 doesn’t automatically delete photos restored while running iOS 17.5. To protect your privacy, be sure to delete restored photos again after updating to iOS 17.5.1.
Apple elaborated on the Photos library issue on May 23 in a comment to 9to5Mac. The company explained that photos that were not fully deleted from an iPhone reappeared after updating to iOS 17.5 in some cases. In an important clarification, Apple says the bug had nothing to do with users’ iCloud Photos collections. The reappearing photos happened due to a database corruption error affecting on-device storage. It’s possible that after the photos reappeared on the original device, they were eventually synced with iCloud if the original device had iCloud Photos enabled. But the photos weren’t mistakenly saved in iCloud, and they couldn’t have reappeared if a user performed a full secure erase and factory reset.
This revelation is both good and bad news. It’s great that Apple isn’t holding your personal data in the cloud without your permission, but it’s not-so-great that the issue is related to on-device storage. That’s because it means the underlying problem here could affect any device with flash storage. This includes Android phones and tablets, or even laptops and PCs using SSDs.
This problem isn’t unique to iOS 17.5
Apple explains that the problem derived from a pointing issue
If you’re not an enthusiast with a lot of technical expertise, it might be tough to decipher what exactly Apple is referring to as a “database corruption” error. However, when you uncover how flash storage works, it’s easy to figure out what happened — and how it could happen on any device with NAND flash chips. Let’s start with a high-level overview of how data is stored with flash storage. Unlike hard drives that store data on physical spinning platters, flash storage sees data as ones and zeros.
When you delete something on a flash chip, the actual data isn’t deleted. You’re deleting the pointer to that data from the flash controller. In other words, you’re removing the operating system’s ability to find something in the file system, or in this case, the Photos library. It’s like if you hid something somewhere, but you completely forgot where you put it and the instructions for finding it. The thing you hid is still exactly where you hit it, you just have no idea where it is. The data is still stored on the flash chip somewhere, your operating system just can’t find it.
iOS 17 vs. Android 14: The biggest features compared
Google is working on Android 14 QPR1, and Apple has released iOS 17.1, but which is better?
This usually isn’t a problem, because eventually, your operating system will need to either download or store something new by overwriting the old data. But there’s no rhyme or reason for which data gets overwritten and when. Something you deleted yesterday could be overwritten today, and something you deleted five years ago could be hiding on the flash chip somewhere. And since our phones now have very large amounts of storage, it can take a while to fill up a flash chip and overwrite all the old information. This “flaw” with NAND flash storage, as some might see it, could pose more of a problem as devices ship with larger capacities that are harder to completely overwrite.
With this deeper understanding of flash storage, Apple’s bug becomes a lot easier to grasp. The iOS 17.5 update didn’t actually restore old photos — they were already there, lurking somewhere on an iPhone’s flash chip and waiting to be overwritten. The update did restore the pointers to those photos, allowing the Photos library to start seeing them again. Although it happened to Apple this time, the same thing could conceivably happen to any Android phone in the future.
This could happen on any flash chip
Whether it’s an iPhone or an Android device, a secure erase is the only way to make something gone for good
Hopefully, this bug helps people learn a bit more about flash storage and the security of data on their devices. The only way to ensure data is completely deleted from your device is by doing a secure erase. For both iOS and Android, completing a full factory reset automatically performs a secure erase. Without one, there’s a chance deleted data is still on the flash chip, whether you’re using an iPhone or an Android phone.
How to factory reset your Android phone or tablet
For when you’re troubleshooting, selling, or trading in your phone