iOS: Apps persist data after full deletion
6 pointsby WorldDeva day ago4 comments
  • soulchild377 hours ago
    Apple local keychain data seems to be persisted even after the app uninstallation : https://discussions.apple.com/thread/255712703?sortBy=rank
    • WorldDev3 hours ago
      Yes, I think that's right, you've found the root of the issue. Thanks for that link. Not great, I expected better from Apple.
  • al_borland18 hours ago
    Do you Facebook installed? Did you delete both apps at once? Are you logged into any Meta owned services in Safari?

    Many apps look for authenticated sessions across their other apps to log you in. Google does this too.

    • WorldDev12 hours ago
      No, I made sure I had only instagram installed and no other app from the same vendor.
  • ben_wa day ago
    Deleting an app is not meant to be a privacy nuke, it’s just an uninstall. This can even happen semi-automatically to save space e.g. during system updates.

    On iOS, certain things intentionally survive app deletion, most notably the Keychain. Credentials stored there are not removed when you delete an app, by design. I mean, it is shared with web login, and apps do have associated domains.

    I'd have to check if apps can read your phone number, I think they can, that's one of the standard UUIDs for a lot of messenger apps.

    And apps from the same group can have a shared set of preferences. Or could: I never needed to add that feature to any app I've worked on, so if it was ever removed (or if I misunderstood the mechanism) I never found out.

    Now, back in the iOS 4 (5?) era I did manage to get the horrifying situation where a factory reset(!) device was still getting push notifications for my twitter account (with no app installed), so I won't say nonsense can't happen (and you listed Meta apps, and Meta have a reputation for pushing the limits on exactly this category of nonsense), just that what you're describing isn't a smoking gun.

    • WorldDev12 hours ago
      Right, but I deleted the app and all its data. I made sure there was no other app from the same vendor left on the device.

      I checked the "Passwords" and there was no entry for these apps (I think that's the only place for the keychain on ios?).

      And it's not about the phone telling its phone number.

  • walterbella day ago
    What happens if you delete all apps created by Meta?
    • roscasa day ago
      If you have an Android computer (aka smartphone) and you have the Facebook app and you delete it, it deletes one out of 4 apps that are installed. You will still get tracked and spy continues as usual. You need to connect the "smartphone" to the computer and remove all other 3 spy apps. This is for the apps topic. The app's data means absolutely nothing. All data that Facebook receives is never ever never deleted. Nor if you request it. Ever. But every app uninstall should also remove all the data. I don't know it if does.
    • WorldDev12 hours ago
      I tried that, and it still has access to account username on reinstall.