Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

How to securely erase iPhone 7

Dan72

Dan72

macrumors newbie
Original poster
Nov 5, 2021
6
2
Newbie after some advice. After upgrading to an iPhone 13 Pro Max and giving my daughter my 11 Pro Max, I’m selling her iPhone 7 (mine before I upgraded to the 11). The iPhone 7 is 4 years old, purchased from new and has iOS 15.1. I used the erase function before passing to my daughter and recently, erased it twice. However, using the free Stellar data recovery software, I’m able to see, as far as I can tell, all the images the phone has stored in Photos, phone contacts and iMessage. In addition, all Whatapp media. So I used a paid version of Stellar to erase the phone, which I have now performed twice and I can still see (and view) the data mentioned above. I thought the erase function was just that but appears not. What am I doing wrong?
 
now i see it - tried this twice already, see the attached screengrab from Stellar Toolkit for iPhone which shows the thumbnails and quantity of potentially recoverable files using its deep scan facility. Not all files shown on the left are recoverable fully but the vast majority are!
 

Attachments

  • Screenshot 2021-11-06 080550.png
    Screenshot 2021-11-06 080550.png
    247 KB · Views: 97
Couple things I can think of -

  • If your computer trusted the iPhone before the factory reset, that may be an issue. Try checking it on a computer that is not trusted.
  • Do you have a backup of the iPhone 7 on that computer? If so, maybe the software is actually reading the backup and not the phone?


I am not familiar with Stellar software, but I cannot imagine that it could read the iPhone after the encryption keys have been erased unless the device was already trusted by the computer (even then, not sure that would be possible).
 
  • Like
Reactions: jetsam, chabig and now i see it
VineRider said:
Couple things I can think of -

  • If your computer trusted the iPhone before the factory reset, that may be an issue. Try checking it on a computer that is not trusted.
  • Do you have a backup of the iPhone 7 on that computer? If so, maybe the software is actually reading the backup and not the phone?


I am not familiar with Stellar software, but I cannot imagine that it could read the iPhone after the encryption keys have been erased unless the device was already trusted by the computer (even then, not sure that would be possible).
Click to expand...
No backups on the PC, just use iCloud. It’s normally the phone trusting the PC, and yes, you have to allow the iPhone to trust the PC to allow the laptop to connect to the iPhone. Nope, Stellar is definitely able to see a supposedly erased iPhone. It’s not seeing all items but it’s definitely seeing pictures, all my previous contacts and I believe at the time of erasing, any messages that were on the phone. I have Apple on the case and they are calling me again tomorrow after an unsuccessful erasing process today with them.
 
Dan72 said:
No backups on the PC, just use iCloud. It’s normally the phone trusting the PC, and yes, you have to allow the iPhone to trust the PC to allow the laptop to connect to the iPhone. Nope, Stellar is definitely able to see a supposedly erased iPhone. It’s not seeing all items but it’s definitely seeing pictures, all my previous contacts and I believe at the time of erasing, any messages that were on the phone. I have Apple on the case and they are calling me again tomorrow after an unsuccessful erasing process today with them.
Click to expand...
Strange indeed. Please keep us updated with what you find out from Apple.
 
According to Apples security white paper

The metadata of all files in the data volume file system are encrypted with a random volume key, which is created when the operating system is first installed or when the device is wiped by a user. This key is encrypted and wrapped by a key wrapping key that is known only to the Secure Enclave for long-term storage. The key wrapping key changes every time a user erases their device. On A9 (and newer) SoCs, Secure Enclave relies upon entropy, backed by anti-replay systems, to achieve effaceability and to protect its key wrapping key, among other assets. For more information, see Secure nonvolatile storage.


Based on this, it is not possible for this software to recover anything from a device that has had all settings and data erased whether the iPhone trusts the computer or not.

Data Protection in Apple devices

Apple uses various types of encryption to create and protect data files in Apple devices.
support.apple.com

Was this phone ever connected to the computer before it was erased?
 
Last edited:
VineRider said:
According to Apples security white paper

The metadata of all files in the data volume file system are encrypted with a random volume key, which is created when the operating system is first installed or when the device is wiped by a user. This key is encrypted and wrapped by a key wrapping key that is known only to the Secure Enclave for long-term storage. The key wrapping key changes every time a user erases their device. On A9 (and newer) SoCs, Secure Enclave relies upon entropy, backed by anti-replay systems, to achieve effaceability and to protect its key wrapping key, among other assets. For more information, see Secure nonvolatile storage.


Based on this, it is not possible for this software to recover anything from a device that has had all settings and data erased whether the iPhone trusts the computer or not.

Data Protection in Apple devices

Apple uses various types of encryption to create and protect data files in Apple devices.
support.apple.com

Was this phone ever connected to the computer before it was erased?
Click to expand...
After a lengthy call with Apple today, uploading images and video and running through various steps, the outcome is, don't trust the erase function on the iPhone (ios 15.1). For some reason, and I don't know if is limited to the iPhone 7 or all iPhones (neither does Apple), Erase all Content and Settings still allows low-cost recovery software to recover files - the image is above to prove. However, we then forced the iPhone to go into recovery mode and used iTunes to recover and then checked to see what could be recovered and success, there were no files that could be recovered, apart from the default files. As a second check, I used the phone Erase all Content and Settings again to recheck and rule out and anomalies and again, none of my or my daughter's files was unrecoverable. Apple didn't seem to be that bothered by the fact I was able to recover the files and said it's not till the new user puts their information on then your files could not be recovered. I countered this by say well isn't that exactly whats happened when I gave the phone to my daughter, a new user and I could still recover the data!
 
Wow, this is not good.
so, you were able to ensure a complete erasure by DFU mode and a restore function (not update which leaves files intact). Is that correct?
 
Dan72 said:
After a lengthy call with Apple today, uploading images and video and running through various steps, the outcome is, don't trust the erase function on the iPhone (ios 15.1). For some reason, and I don't know if is limited to the iPhone 7 or all iPhones (neither does Apple), Erase all Content and Settings still allows low-cost recovery software to recover files - the image is above to prove. However, we then forced the iPhone to go into recovery mode and used iTunes to recover and then checked to see what could be recovered and success, there were no files that could be recovered, apart from the default files. As a second check, I used the phone Erase all Content and Settings again to recheck and rule out and anomalies and again, none of my or my daughter's files was unrecoverable. Apple didn't seem to be that bothered by the fact I was able to recover the files and said it's not till the new user puts their information on then your files could not be recovered. I countered this by say well isn't that exactly whats happened when I gave the phone to my daughter, a new user and I could still recover the data!
Click to expand...
When I suggested doing a restore using iTunes you said it didn't work, what changed?
 
So this has been bugging me as to how this software could recover an erased iPhone that has had all the encryption keys deleted (this is essentially what happens when you erase all settings and data).

So, I downloaded the free version of Stellar Toolkit for iPhone (I ran an Intego virus scan before installing to be safe...no malware was detected), I took a couple photos on an old iPhone 6s with the camera so I'd have some old and new photos on the phone. There were a total of 7 photos on the phone before erasing along with several apps. Then, I went into settings/general/erase all content and settings on the iPhone 6s and I erased all settings and data on the phone. When finished the phone was at the hello setup screen.

Phone is running 15.1

I then connected the phone and ran the scan and all it found were bookmarks to apple.com, bing.com, yahoo.com, and help.apple.com, basically the default bookmarks when phone is setup as new. There were no photos, messages, apps, or any other data detected that was on the phone prior to erasure.

I ran the deep scan and it was not able to detect any other data in this mode either.

In my tests, this software was not able to see or detect any data that was on the phone prior to erasing all settings and data, which is what I would expect....and is also what Apple documents in its security whitepapers that outline file encryption and data security.

What I found the software is able to do, is to retrieve a photo that I deleted from the photo library and also deleted from the recently deleted items folder. The software was able to detect those photos that had been completely deleted. The caveat is that I had not erased the phone, I had just deleted the photos. So, it seems that this software is able to retrieve deleted items as long as you don't erase all settings and data.

I have worked in computer hardware and software technology for decades and if this were as simple as this software being able to retrieve old data off of an iPhone that had been factory erased, this would be a huge security breach.

I have tested this after multiple setups of adding photos (also verifying the Stellar software sees the photos prior to erasure) ,then erasing the phone. This software is never able to retrieve or detect any items that were on the phone prior to erasure.

I think we can all rest assured that when Apple says erase all data and settings erases all data and settings, that is exactly what happens.
 
Last edited:
  • Love
Reactions: now i see it
Dan72 said:
Newbie after some advice. After upgrading to an iPhone 13 Pro Max and giving my daughter my 11 Pro Max, I’m selling her iPhone 7 (mine before I upgraded to the 11). The iPhone 7 is 4 years old, purchased from new and has iOS 15.1. I used the erase function before passing to my daughter and recently, erased it twice. However, using the free Stellar data recovery software, I’m able to see, as far as I can tell, all the images the phone has stored in Photos, phone contacts and iMessage. In addition, all Whatapp media. So I used a paid version of Stellar to erase the phone, which I have now performed twice and I can still see (and view) the data mentioned above. I thought the erase function was just that but appears not. What am I doing wrong?
Click to expand...
the only thing that can erase ANY data storage device is a HAMMER.. How do you think criminals are caught even if they "erase" their computers or phones? How do you think Josh Duggar was caught even tho he used a partitioned hard drive and tor?

However, someone has to have the knowhow to get said data off so I wouldn't worry about it.. UNLESS you have something to worry about.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back