iOS Hidden Folder vs a Vault App: What Actually Protects Your Photos?

Since iOS 16, the Hidden folder in Photos requires Face ID or your passcode to open. Feels like Apple solved the problem.

They didn't. At least not for anyone who needs real privacy.

The Hidden folder is fine for keeping gift ideas out of your camera roll. It was designed for convenience, though — never as a vault. Here's what it actually does.

1. Everyone knows where it is

Photos → Albums → scroll down → "Hidden." That's it. Labeled, obvious, one tap away.

There are millions of TikTok posts explaining how to find it. Every tech blog has covered it. There's no obscurity left.

A separate vault app puts your private photos outside of Photos entirely — encrypted, behind a different PIN, in an app that doesn't advertise itself as a vault.

2. It uses your device passcode

This is the fundamental flaw. The Hidden folder is protected by the same Face ID and passcode you use to unlock your phone.

Think about who has seen you enter that passcode. Your partner. Your kids. Your coworker in a meeting. Someone on the subway.

The Wall Street Journal documented a wave of shoulder surfing attacks in 2023 — thieves watch people enter their passcode in bars, then steal the phone. Once they have the passcode, they have your Apple ID, your data, and your Hidden folder.

Inner Gallery uses a separate PIN for each space. Your phone passcode doesn't open Inner Gallery. Your Inner Gallery PIN doesn't unlock your phone. Independent authentication.

3. No per-file encryption

The Hidden folder doesn't add any encryption to your photos. The files sit on disk the same way as every other photo — they're just hidden from the main view.

iOS does encrypt the filesystem at the hardware level, which is great. But that encryption is transparent once the phone is unlocked. Any process running on the device can access Hidden folder photos at that point.

Inner Gallery encrypts each file separately, using a key derived from your PIN through PBKDF2 with 100,000 iterations. Even with root filesystem access, Inner Gallery files are encrypted blobs without the PIN.

Completely different threat model.

4. iCloud syncs your hidden photos

If you use iCloud Photos — and Apple says most iPhone users do — your Hidden folder syncs to the cloud. That means your "hidden" photos are:

• Stored on Apple's servers
• Included in iCloud backups
• Accessible at iCloud.com if your Apple ID is compromised
• Subject to law enforcement requests, which Apple publishes transparency reports about

Apple launched Advanced Data Protection in late 2022, which offers end-to-end encryption for iCloud data. But it's opt-in, not available everywhere (Apple removed it from the UK in 2025 after a government request), and most users haven't enabled it. By default, Apple holds the encryption keys.

Inner Gallery photos never leave the device. No iCloud. No sync. No upload. One copy, encrypted, on your iPhone.

5. No compartmentalization

The Hidden folder is one bucket. Everything goes in together. One lock, one passcode.

If you want to keep financial documents separate from personal photos — different access levels, different passwords — there's no way to do that.

Inner Gallery supports multiple spaces, each with its own PIN and its own encryption key. Unlocking one space reveals nothing about the others. That's compartmentalized security) — the same principle used in intelligence and military systems for information isolation.

6. Metadata still leaks

Hidden photos can appear in Spotlight search and Siri Suggestions. The metadata — dates, locations, detected objects — gets indexed by the system even when photos are "hidden."

Inner Gallery files are encrypted. No EXIF metadata exposed. No location data for Siri. No thumbnails cached by the system. iOS treats them as opaque data.

When the Hidden folder is enough

For low-stakes stuff, it works fine:

• Screenshots you don't want cluttering your feed
• Party planning photos
• Surprise gift ideas

If the worst outcome is mild embarrassment, the Hidden folder does the job.

But if you need actual privacy — from someone with your passcode, your iCloud account, or legal authority — the Hidden folder stops at casual scrolling.

Inner Gallery gives your photos per-file encryption, separate PINs per space, zero iCloud sync, and zero metadata exposure. Try it free on the App Store.