Warning: iPhone Bug Allows Deleted Email To Be Retrieved With Simple Search

Never use your iPhone for incriminating or embarrassing emails you might not want others to see.

CoM reader Matt Janssen has just found a bug in the iPhone’s 3.x software that allows deleted email to be retrieved.

In other words, the iPhone and iPod Touch’s Mail app doesn’t properly delete email. Erased email messages can be easily retrieved using a simple search with the iPhone’s built-in search tool.

“Obviously this could be a major security issue if you think you deleted something from your iPod but it’s not really deleted,” says Janssen. “You can still search through messages that are deleted. And this isn’t messages that are just recent. I found some messages that are over three or four months old.”

The bug could reveal embarrassing email sent or received by cheating spouses, or messages that kids don’t want their parents to see. It’s present in the software for both the iPhone and iPod Touch.

Janssen has made a video to demonstrate the bug. In the video, Janssen creates an email in a standard POP account, sends it to himself and then deletes it. The message appears to be gone from his inbox, but he’s able to retrieve it using the iPhone’s Search function. Janssen has to search for the deleted message twice. On the first try, the Mail app crashes and sends him back to the Home screen. But on the second try, the message is retrieved and displayed. The search even retrieves messages that are deleted from the server.

“Hopefully Apple will fix it in some later releases,” says Janssen.

Link to Janssen’s YouTube video.

About the author

Leander Kahney is the editor and publisher of Cult of Mac, and author of three books about technology culture: Inside Steve’s Brain, the New York Times bestseller about Steve Jobs; Cult of Mac; and Cult of iPod. Leander has written for Wired, MacWeek, Scientific American, and The Guardian in London. Follow Leander on Twitter @lkahney and Facebook.


  • Wingspinner

    Ahhh, any moron knows that your messages go into the “Deleted” mailbox until you empty it.

  • Phillip

    Well, the reason the search displays this is because the email is still in the Trash Folder. Since it is still in the Trash Folder it is still on the server. Delete from Trash and you have fixed your problem.

  • Dude

    So remember kids, don’t use POP, go for IMAP.

  • http://cultofmac.com Leander Kahney

    I should have tested this before posting. Matt may have jumped the gun. As you guys noted, he may simply be finding ‘deleted’ email in the iPhone’s Trash folder, where it is stored until the folder is emptied.
    I just deleted a message on my iPhone, cleared the Trash folder on my Mac, and lo-and-behold, the message is gone for good: it doesn’t appear in a simple search. I’ve asked Matt to double check.

  • jetfuellatte

    As always, if you lose physical control of your device, you should have zero expectation of security.

  • http://www.christowlson.com topher

    You shouldn’t use email at all for anything incriminating or embarrassing since the other participant will have a copy of the email even if you delete it!!

  • Matt Janssen

    Hi guys,

    Thanks for the comments (except maybe the person who called me a “moron”). If you would kindly watch the video starting at 59 seconds – you can see that I open the Trash folder on my iPod and delete the message. Please take a look at the video again – and if you didn’t even watch it before posting: shame on you.

    Matt Janssen

    BTW Leander, you spelled my last name 3 different ways within the post.

  • Gene

    So… if it’s not displaying the email within the Trash folder, the logical explanation is that Spotlight actually makes a COPY of all our emails when it indexes them? And then it lags behind when an event such as delete happens, not indexing the change for a little while?
    I can’t help but wonder how serious this really is — try the whole thing again, but leave a few minutes between the time you delete and the time you search. Doing the search immediately is not really “fair” and I can’t believe that a few moments delay in removing something from the search index is that big of a security issue on an inherently insecure device such as a mobile phone.

  • Gene

    Also – I wonder if the first search crash was because the index was in the midst of being updated; after the crash it reverted back to the previous index and waited to update it again?

  • Jordan

    Gene, he said some of them were as old as months prior. Read the damn article and watch the damn video! Ok, Gene!

  • Anonymous Coward

    This problem doesn’t appear in B3 of 3.1

  • http://adsl2choice.net.au Affinity

    Is there a clear cache option? Perhaps that is where the message is coming from.

    Also, perhaps a complete shutdown and restart of the iPhone will clear this? Has that been tried?

  • G2

    This may or may not be a security issue but there definitely are a couple of bugs here. 1, the search crashing instead of a graceful failure and 2, the email showing up in the search even though it’s been deleted (searching immediately might not be “fair” but someone might do it for some reason and crashing could leave the index in a bad state for all future searches?). The post mentions that the user has seen emails, deleted a few months ago, showing up on search, but I agree it would be nice to test/share a video, if it actually shows up an email older than say a month.

    Good catch whoever found it!

  • Crys

    On my phone it disappears after a few minutes. Of course the copy in the sent box is still there unless I delete that, then everything goes. No record remains. I’m surprised CoM even bothered posting this story, although the crash is perhaps newsworthy.

  • http://www.typemock.com Moran

    I had a much worse bug on my iPhone – you can read about it here:
    http://blog.typemock.com/2009/08/why-do-software-development-companies.html

  • nathan vurgest

    I LOVE U MARK JANSEN!!! that totally worked u are amazin!

  • http:www.joineraberdeen.info Marko

    Wow, what a lifesaver. I’d deleted an email I needed and got it back using this technique... AWESOME, thank you.

  • http://idk? biff

    he obviously deletes it and then clears out his trash.
    so i dont really know what you fags are talking about?

  • http://www.techuelx.com techuelx

    so does it mean the mails are deleted in the iPhone only or in the database as well?