Spotlight finds deleted e-mails on iPhone

Spotlight finds deleted e-mails on iPhone, but don't panic (Updated)

Spotlight on the iPhone can find your deleted e-mails—oh no! The problem has been blown way out of proportion, though, and Apple has reportedly "fixed" the issue for iPhone OS 3.1.

The Mac blog-o-verse has been abuzz recently with the revelation that a Spotlight search can turn up deleted e-mails on an iPhone. While described as a bug or potential security issue, the truth is less scary than that. Additionally, it seems that Apple has already added a fix to the iPhone OS 3.1 update that is currently in beta.

Cult of Mac reader Matt Janssen revealed the bug yesterday morning after he discovered that an e-mail he remembered deleting showed up in a Spotlight search. "Obviously this is could be a major security issue if you think you deleted something from your iPod but it's not really deleted," Janssen told Cult of Mac. "You can still search through messages that are deleted. And this isn't messages that are just recent. I found some messages that are over three or four months old."

But, as TUAW points out, the problem is that when you hit "delete" on an e-mail, most (if not all) e-mail clients put the message in a special Trash folder. This is just like using the Trash on your desktop—it's a temporary staging area where you can retrieve messages if you deleted them accidentally. And, just like Spotlight on the Mac, Spotlight on the iPhone OS can find e-mails that are in the Trash. (By default it normally will ignore messages trashed in Mail, but you can search the Trash easily in Mail itself.)

Depending on the settings on your server, these messages may be "emptied" from the Trash in seven days, 30 days, or maybe even never. On the iPhone itself, the setting to control when messages are automatically emptied from the Trash is buried several levels deep in the Settings app (Mail, Contacts, Calendars > account > Account Info > Advanced > Remove Deleted Message...). I like TUAW's suggestion that Apple add an "Empty Trash" button in the iPhone version of Mail, but it turns out that is easy to do in iPhone OS 3.0. As Ars reader lloeki points out, just go to an account's Trash folder, press "Edit," then press "Delete All."

There is good news for those who would just assume messages in the Trash wouldn't turn up in a search, though. A tipster for Gizmodo said Apple is aware of the issue, and it appears that the current iPhone OS 3.1 beta doesn't show trashed e-mails in search results. So, it seems the crisis will be averted soon.

Still, even though the messages won't show up in a Spotlight search, that will only thwart casual peepers looking through your mail for potential dirt or other sensitive information. Those e-mails will still be in the Trash folder in your iPhone or iPod touch's flash memory, and will get backed up whenever you sync your device to iTunes. A more skilled hacker could find them if they wanted, so it's still best to manually empty e-mails that you don't want anyone else reading out of the Trash. To be extra safe, you could then zero out the free space on your device.

UPDATE: It appears that even after deleting messages form the Trash, they can still show up in Spotlight searches if the account in question is a POP account. According to TUAW's Mike Jones, whether or not the message can be accessed once it shows up in the Spotlight search is hit or miss as well. Since we use our iPhones with IMAP accounts, which are unaffected by the bug, we didn't notice the problem. Still, a fix from Apple is definitely on its way when iPhone OS 3.1 becomes available.