iOS Hidden Folder vs a Vault App: What Actually Protects Your Photos?

Apple's Hidden folder looks like privacy, but it uses your device passcode, syncs to iCloud, and doesn't encrypt files. Here's what it misses.

TL;DR

Since iOS 16, the Hidden folder requires Face ID to open — and this hasn't changed through iOS 26. Feels like Apple solved the problem. They didn't — at least not for anyone who needs real privacy.

The Hidden folder is fine for keeping gift ideas out of your camera roll. It was designed for convenience, though — never as a vault. Here's what it actually does.

1. Everyone knows where it is

Photos → Albums → scroll down → "Hidden." That's it. Labeled, obvious, one tap away.

There are millions of TikTok posts explaining how to find it. Every tech blog has covered it. There's no obscurity left.

A separate vault app puts your private photos outside of Photos entirely — encrypted, behind a different PIN, in an app that doesn't advertise itself as a vault.

2. It uses your device passcode

This is the fundamental flaw. The Hidden folder is protected by the same Face ID and passcode you use to unlock your phone.

Think about who has seen you enter that passcode. Your partner. Your kids. Your coworker in a meeting. Someone on the subway.

The Wall Street Journal documented a wave of shoulder surfing attacks in 2023 — thieves watch people enter their passcode in bars, then steal the phone. Once they have the passcode, they have your Apple ID, your data, and your Hidden folder.

Inner Gallery uses a separate PIN for each space. Your phone passcode doesn't open Inner Gallery. Your Inner Gallery PIN doesn't unlock your phone. Independent authentication.

3. No per-file encryption

The Hidden folder doesn't add any encryption to your photos. The files sit on disk the same way as every other photo — they're just hidden from the main view.

iOS does encrypt the filesystem at the hardware level, which is great. But that encryption is transparent once the phone is unlocked. Any process running on the device can access Hidden folder photos at that point.

Inner Gallery encrypts each file separately, using a key derived from your PIN through PBKDF2 with 100,000 iterations. Even with root filesystem access, Inner Gallery files are encrypted blobs without the PIN.

4. iCloud syncs your hidden photos

If you use iCloud Photos — and most iPhone users do — your Hidden folder syncs to the cloud. That means your "hidden" photos are:

  • Stored on Apple's servers
  • Included in iCloud backups
  • Accessible at iCloud.com if your Apple ID is compromised
  • Subject to law enforcement requests, which Apple publishes transparency reports about

Apple launched Advanced Data Protection in late 2022, which offers end-to-end encryption for iCloud data. But it's opt-in, not available everywhere (Apple removed it from the UK in 2025 after a government request), and most users haven't enabled it. By default, Apple holds the encryption keys.

Inner Gallery is local-first: photos are encrypted on-device before anything else. Optional iCloud sync (v1.2.0) is end-to-end encrypted — Apple cannot read your data. Panic spaces are never synced. You control whether your photos stay on-device or sync across your devices.

5. No compartmentalization

The Hidden folder is one bucket. Everything goes in together. One lock, one passcode.

Inner Gallery supports multiple spaces, each with its own PIN and its own encryption key. Unlocking one space reveals nothing about the others. That's compartmentalized security — the same principle used in intelligence and military systems for information isolation.
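The scheme described in sections 3 and 5, sketched in Node.js as an added example (this is not Inner Gallery's own code). PBKDF2 at 100,000 iterations and ChaCha20-Poly1305 come from the article; the SHA-256 PRF, the 16-byte per-space salt, the blob layout, the function names and the sample PINs are assumptions made for illustration.

```javascript
const crypto = require('crypto');

const ITERATIONS = 100000; // iteration count stated in the article
const KEY_LEN = 32; // ChaCha20-Poly1305 uses a 256-bit key

// Derive one space's key from its PIN. SHA-256 and the per-space salt are assumptions.
function deriveSpaceKey(pin, salt) {
  return crypto.pbkdf2Sync(pin, salt, ITERATIONS, KEY_LEN, 'sha256');
}

// Encrypt one file under a fresh random nonce. Layout (assumed): nonce(12) || tag(16) || ciphertext.
function encryptFile(key, plaintext) {
  const nonce = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('chacha20-poly1305', key, nonce, { authTagLength: 16 });
  const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([nonce, cipher.getAuthTag(), ct]);
}

// Return the plaintext, or null if the key is wrong or the blob was altered.
function decryptFile(key, blob) {
  if (blob.length < 28) return null; // too short to hold nonce and tag
  const decipher = crypto.createDecipheriv('chacha20-poly1305', key, blob.subarray(0, 12), { authTagLength: 16 });
  decipher.setAuthTag(blob.subarray(12, 28));
  try {
    return Buffer.concat([decipher.update(blob.subarray(28)), decipher.final()]);
  } catch (err) {
    return null; // Poly1305 tag check failed
  }
}

// Constructed sample data: two spaces with made-up PINs and a stand-in for photo bytes.
function demo() {
  const saltA = crypto.randomBytes(16);
  const saltB = crypto.randomBytes(16);
  const keyA = deriveSpaceKey('483920', saltA);
  const keyB = deriveSpaceKey('117755', saltB);
  const blob = encryptFile(keyA, Buffer.from('constructed photo bytes'));
  const tampered = Buffer.from(blob);
  tampered[tampered.length - 1] ^= 0x01; // flip one ciphertext bit
  const opened = decryptFile(keyA, blob);
  return {
    rightPin: opened && opened.toString(),
    otherSpace: decryptFile(keyB, blob),
    wrongPin: decryptFile(deriveSpaceKey('000000', saltA), blob),
    tampered: decryptFile(keyA, tampered),
  };
}

console.log(demo());
```

Only the key derived from the correct PIN and that space's salt passes the authentication tag check; the other space's key, a wrong PIN and a modified blob all come back as null.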

6. Metadata still leaks

Hidden photos can appear in Spotlight search and Siri Suggestions. The metadata — dates, locations, detected objects — gets indexed by the system even when photos are "hidden."

Inner Gallery files are encrypted. No EXIF metadata exposed. No location data for Siri. No thumbnails cached by the system. iOS treats them as opaque data.

Side-by-side

             | Hidden folder                | Inner Gallery
Password     | Device passcode              | Separate PIN per space
Encryption   | None (filesystem-level only) | Per-file ChaCha20-Poly1305
iCloud sync  | Yes (by default)             | Optional, E2E encrypted
Metadata     | Indexed by Spotlight/Siri    | Encrypted, opaque
Compartments | 1 bucket                     | Multiple independent spaces
Cost         | Free                         | Free / €34.99 once

When the Hidden folder is enough

For low-stakes stuff, it works fine: screenshots you don't want cluttering your feed, party planning photos, surprise gift ideas.

If the worst outcome is mild embarrassment, the Hidden folder does the job. But if you need actual privacy — from someone with your passcode, your iCloud account, or legal authority — the Hidden folder stops at casual scrolling.
