Recently I have become concerned about the fact that there is no way of checking the filesystem integrity on the iOS platform short of rooting the device and running a manual fsck. If I were to handle some files that are important for me using my iPad (5th Gen, currently running iPadOS 13.4), I would like to make sure that the underlying filesystem is in clean state before doing any file operations. And because currently there is no macOS Disk Utility equivalent for checking the partition for errors on iOS/iPadOS, I figured that the next best way to make sure that the filesystem is clean is to wipe my user data and start from scratch.
Would "Erase all content and settings" be enough to rebuild the Data partition filesystem and solve potential issues, or would I need to reinstall fresh system image using iTunes recovery for this task?
I am having a hard time understanding what "Erase all content and settings" does under the hood. Reading the Apple Platform Security doc I understand that what it does is purge the user data encryption key, rendering the data unrecoverable:
When stored, the encrypted file system key is additionally wrapped by an “effaceable key” stored in Effaceable Storage. This key doesnʼt
provide additional confidentiality of data. Instead, itʼs designed to
be quickly erased on demand (by the user with the “Erase All Content
and Settings” option). Erasing the key in this manner renders all
files cryptographically inaccessible.
Source: https://manuals.info.apple.com/MANUALS/1000/MA1902/en_US/apple-platform-security-guide.pdf
Does this mean that the filesystem on Data partition in itself is untouched by this process short of removing the encryption keys, i.e. the user data is left on the partition but unaccessible after wipe? Or does it also do a quick format of the user partition, thus rebuilding the filesystem?
Note: I currently do not experience any particular problems with my device. However, I haven't wiped it even once since the purchase 3 years ago, and since that time it went through multiple updates, app crashes, etc. I know that APFS should theoretically be resistant to filesystem corruption, but at the same time I believe that no software is perfect and there is always risk of some bugs happening that could silently cause problems. I use a MacBook Air as my work PC and I did experience some consistency errors on my user partition that uses APFS, which did not cause any noticeable issues but were solved only by going into Recovery mode and running diskutil manually. So I am concerned that similar issues could be happening on the iPad in the background without attracting attention.
Thanks!
Best Answer
The data is still there - but no-one is ever going to be able to read it.
Let me take a distant example…
You lose your house keys. All the furniture is still there, you just cannot get to it.
The difference in this case is the ease with which you could actually break a window to get in, or you could call a locksmith.
The locksmith required to decrypt your iOS data is not available on the other end of a phone call. It would require the involvement of probably something as rich & powerful as a government agency, determined to prove you are a terrorist.
Because of this encryption & the way that solid state storage works to spread the load, if you then restore or set up a brand new install, your old data is more than just un-decryptable, it's also been randomly overwritten too. Solid State storage doesn't write sequentially like an old hard drive. The concept of 'bad blocks' is not the same.
Of course, you would never store the only copy of any data in a single location, especially not a fragile mobile device. Far more likely than file corruption is serious physical damage to the entire unit.