Bad Apple #5: iCloud Drive Folder Sharing Risks Data Loss

Originally published at: Bad Apple #5: iCloud Drive Folder Sharing Risks Data Loss - TidBITS

iCloud Drive folder sharing has been around since macOS 10.15 Catalina, which makes it all the less acceptable that someone with whom the folder is shared can delete a file permanently and with only one possible—and unmentioned by Apple—option for recovery.

1 Like

Hmmm… I wonder if Apple is looking at it differently. Let’s say I shared a file, realized it was an embarrassing mistake and wanted to unshare it immediately. I certainly don’t want everyone else to have access to it when I delete my copy. I want it gone entirely.

So there are a few scenarios:

  • I am the folder’s creator. I delete a file, it should remove everyone else’s copy and the file should end up in
    My trash folder.
  • I am not the folder’s creator. I delete a file, it should still be accessible somehow. Maybe on the iCloud website under the Trash/Deleted folder?
  • Should a similar thing happen when I move a file out of iCloud and make it local. A document sharer shouldn’t be able to delete the document. Maybe the folder owner should be able to.
  • Should this be based upon the creator of the folder or of the file? I created a folder, another person created a file in that folder. Who should be able to completely delete the file?

Apple’s tools are consumer tools and not business tools. File retention is extremely important for a business. You don’t want an employee to decide to delete all of the shared files they have access to right before they storm out upset at something. Thus, in a business tool, you never completely delete a file simply because an employee (or manager) deleted it.

However, as a consumer maybe the picture of me in my muscle shirt and shorts showing off my (grand)dad body might be something I no longer want to share now that I’m running for governor. I might have shared it with a dozen friends as a joke, but maybe I don’t want it leaking out there. I should be able to revoke sharing rights and suddenly no one has access to it.

None of this means Apple did this right, but it might explain Apple’s thinking a bit. Even as a consumer tool, Apple still needs to make sure they did it correctly.

1 Like

You’re very generous. :slight_smile:

If Apple was thinking along these lines, it would need to automatically exclude all iCloud Drive shared folders for which you’re not the owner from Time Machine backups. As it stands, everyone in a shared folder can have a complete copy of that folder’s contents in a local Time Machine backup. So I doubt that’s playing into the equation.

Even ignoring the Time Machine backup, which Apple itself seems to do, if Apple wants to let collaborators remove their files from a shared folder immediately, it should be putting the deleted file in the local Trash of the user who’s deleting it. Some deletions are entirely accidental, and no one should be punished for a mis-click before hitting Command-Delete / Return.


Hmm, I’ve had an even better idea. What if deleting a file from a shared iCloud Drive folder simply did a move to a local hidden folder before putting it in the local Trash? In other words, make the file local first, then trash it like any other local file. That way there’s a local version that could be restored like any other file? This doesn’t seem like rocket science. Or computational photography.

What about the case where the file hasn’t been downloaded locally because the Mac is optimizing its storage? If someone deletes it, is the file supposed to be downloaded and then put in the local trash? What if the file is large and there’s not enough free space locally?

Fair point. It’s harder to know how the iCloud Drive Recently Deleted folder works because it’s in the cloud, but using both that and the local version if there’s space is the answer.

Apple never uses the word “sync.” You will never see a “sync now” button. Maybe the less informative “Update” or something like that.

It appears that Apple is treating the shared iCloud drive as a networked drive. I’ve always found it strange that if I attach the home folder on my desktop to my laptop and then delete a file or folder on the desktop from the laptop, it doesn’t pass through any computer’s trash, but, after a warning, is immediately deleted. Yet if I’m on the desktop, the deleted file is in that computer’s trash.


In the article, you wrote:

If you open your iCloud Drive folder in the Finder and press Command-. to reveal hidden files and folders, you’ll see a hidden .Trash folder (press Command-. a second time to hide them again).

That doesn’t work here on Monterey. Does that feature have to enabled first somewhere?

1 Like

I guess I could be less generous and possibly more accurate, so maybe something like this:

Back in 2011, before iCloud was announced, it was revealed that Steve Jobs wanted to buy Dropbox, but failed. I imagine the conversation went like this:

Steve: Dammit, I wanted to buy Dropbox, and they wouldn’t accept my offer. I even offered them free iPhones! I want you to implement something like Dropbox into our operating systems! I want it by the next release.

Engineer: That sounds like a wonderful idea! I’ll put together a team right now. We’ll go through syncing and various scenarios on file sharing and deleting. We don’t want people to lose work, but we must protect privacy. I should have a proposal put together in four weeks. Of course, it won’t go into this OS release, but it’ll be ready…


So, maybe Apple was a bit light on features, workflow, and testing.

I use iCloud quite heavily to sync files between my Mac, iPhone, and iPad. It’s great when someone wants me to update a file while I’m away from my desk, and I can pull up my iPhone and get the change in right then and there.

And in that scenario, iCloud works great. However, sharing files between people, not so wonderful. I use it to share some files between my wife and myself. Usually things like house sitter instructions, so my wife or I can print them out. Actually, she usually asks me to do it, but at least I know that these things are in our shared folder.

If I was not retired, I’d probably have a standard subscription to Dropbox rather than the free version just to share files between myself and colleagues. I wouldn’t trust iCloud for that. Plus, that would require them to have iPhones and Macs.

I’m going to try to test various sharing scenarios to see how they work out.

With Apple’s iPhone/iPad focus, Time Machine, a great piece of software is sort of forgotten. I wish iCloud had a built in Time Machine backup system where you can go back in time to see older file versions.

An unrelated iCloud Drive problem: if I work “live” off a file in iCloud Drive, when I save or it auto-saves, the iCloud Drive state becomes briefly confused and the app I’m using often loads the previous version of the file—iCloud seems to revert temporarily and then download the new one, which is not ideal.

I only use Nisus Writer Pro with iCloud Drive, and I can be typing away and suddenly the file reverts back before recent changes. If I don’t keep typing, I can sometimes execute Undo, and it “reverts” to the version with my changes. If I type but a single key, changes are wiped out. I can then use the File > Versions command sometimes to go back one version and recapture the changes. Often, not.

I noted this on Twitter and a few people have this happen with other apps, too. No explanation as to why. I have gigabit Internet, and I have some wonder if low-latency is playing havoc: is the upload so rapid that iCloud Drive in macOS doesn’t update to reflect changes quickly enough and has cached an older version?

Whatever the reason, Dropbox does not have this problem, so I now have to copy files on iCloud Drive to Dropbox to edit while retaining the version history I want and sometimes need.

1 Like

My mistake—it should be Command-Shift-. — I just biffed it when typing.

I’ve updated the article.

1 Like

OneDrive has a similar issue, but at least the error message makes it clear, and it’s consistent whether you are the file owner or not. Starting with the OneDrive version that is compatible with Monterey 12.3, when you delete a file from OneDrive using the Finder, you get an warning message that it will not be saved in the Trash. If you go ahead with the delete, it is instead saved in the OneDrive Recycle Bin (in the cloud) and can be restored from there. This approach appears to have been triggered by the new Apple cloud management model.

Thanks for the details! I hadn’t previously considered that the new Apple cloud management model would change this behavior, and while I’m not super happy about deleted files not ending up in the local Trash as well, at least they’re in the OneDrive Recycle Bin in the cloud.

So now Apple just has to catch up with all the independent cloud services that are playing by Apple’s rules. ;-)

Remember AppleShare? Mac OS X Server? Any AFP server has the exact same behavior. Delete a file when you are connected to one using macOS/Mac OS X and it’s gone instantly. No Trash or any other recovery method.

Back in OS 9 and previous, there was a Network Trash folder (IIRC, by user), so you could trash a file and it would appear in your trash when you were connected.

Apple is just being consistent.

Should it work like in the OS 9 days? I think that would be far better solution for both iCloud Drive and any AFP or SMB server sharepoint.



I seem to remember you would get a warning message to that effect.

Just sent feedback to Apple, as requested.
I don’t share my folders but I do work on a lot of different devices and that way I can always access important files ( and they are ) from those devices. The thought of inadvertently losing those files makes me shiver. After reading this I am considering to move over to DropBox.

Can you lock a file to prevent it from being trashed?

Presumably that also prevents people from editing the file, but is there any difference between deleting a file and deleting its contents?

… unless iCloud Drive supports Versions.

I don’t if locking would have the effect you want, but it’s sort of moot because the entire point of sharing a folder and allowing participants to make changes is that you want them to make changes. You can always share an iCloud folder as “view only,” which prevents the files from be deleted, but also prevents them from being changed.

1 Like

I only use iCloud Drive for home use.

All our family home paperwork is stored digitally on my 2TB Mac Mini ('Optimise" storage is off). But so my other half can see it, I share with “read-only access” my whole documents folder with her (so she can read all our bills, and all associated comms docs, etc. for reference).

Then when she needs to edit a a doc, I make a temporary copy, and share that in our “read & edit access” shared folder, then copy-paste the whole text back again to the read-only version when done and delete the temp version.

I did this regardless of knowing about this bug, as I like to keep the folder structure and know how easy it is for multi-person access to get confusing and difficult to maintain, with deletions.

This only works as she rarely edits info (I do most boring household admin paperwork, lol!). But for more complex needs with constant access and editing requirements, it wouldn’t. So this issue doesn’t sound good for most users.