Apple’s cloud storage practices have been called into question once again — that too from the same Russian security firm called Elcomsoft who’s earlier identified gaping holes in its iCloud service. The latest discovery detailed by them in an official blog post states that Apple has been storing deleted notes on the cloud for far longer than required. The deleted notes are stored in the ‘Recently Deleted’ folder for 30 days before being permanently removed from the cloud. Not really!
Elcomsoft researchers have proven its claim simply by using an updated version of its Phone Breaker tool (version number6.5) to recover notes that should’ve been permanently deleted from iCloud. This tool was able to extract a collection of deleted notes, fifty to be price, which were deleted more than 30 days ago. That’s beyond the grace ‘deletion’ period mentioned in Apple’s data privacy documents and puts the user’s data in jeopardy.
The oldest deleted note that Elcomsoft was able to gain access to dated back to 2012. Oh yeah, they recovered a note from five years back and are currently working to extract data for more sample accounts to provide a conclusive result. The same presently vary from account to account, where a large number of notes have been discovered from one user while the other returned only a handful of them. There is presently no way to guess the complete effect of the vulnerability, so we’ve contacted Apple for more info and will update you once we hear back from them.
As Elcomsoft mentions in its blog post, this is the third time that some sort of iCloud data has been found to be recoverable by means of special software and tools. But, it raises a very important question about Apple’s ethics code, who’s now been found to be storing photos, browser history and deleted notes longer than the defined grace period. Talking about the blog post reads:
Once we made a discovery about deleted photos being kept in iCloud Photo Library for years, Apple was prompt to making those images disappear. Once we discovered that Safari browsing history records are never deleted from the cloud, Apple patched that as well. There is no doubt Apple will fix the current issue.
The question is: what other data you don’t want Apple to keep is still retained by the company? And does Apple actually destroy deleted records or simply hides them or moves to a different server? These questions still have no answer.
As for concerns about privacy issues with the deleted notes, you don’t have to worry about anything until a hacker isn’t particularly targeting you and has a set of special tools to gain access to necessary files. Elcomsoft looks for such exploits in cloud services, and seems to have gotten lucky another time. Apple will definitely release an update or patch the presently unknown vulnerability from the backend to fall in line with its privacy policies.