Is the iPhone Hidden Album Actually Secure? What It Really Protects

The iPhone Hidden album does what most people want it to — keep a few photos out of the main camera roll — but it isn't a separate, encrypted compartment. Since iOS 16 it locks behind your Face ID, Touch ID, or device passcode, and the underlying files are protected by the same iOS encryption that covers every photo on the device. The Hidden label changes what the Photos app shows. It doesn't add a second password layer.

What the Hidden album is

The Hidden album is a built-in part of Apple's Photos app. When you mark a photo or video as Hidden, it moves out of the Library, out of other albums, and off the Photos widget on your Home Screen. It still lives in your Photos library — it's just filtered out of the views you scroll through every day.

Since iOS 16, iPadOS 16.1, and macOS Ventura, the album is locked by default. Opening it requires Face ID, Touch ID, or the device passcode. You can also turn the album off entirely in Settings > Apps > Photos > Show Hidden Album, which removes it from the Utilities section so it isn't visible inside the Photos app at all.

How it actually works

Before iOS 16, the Hidden album was a folder anyone could tap — a feature gap users had asked Apple to close for years. The iOS 16 change added a biometric or passcode gate. That gate is the same Face ID, Touch ID, or passcode that unlocks your phone. There is no separate "Hidden album password" you can set.

Underneath the album, your hidden photos live exactly like every other file on a modern iPhone: encrypted at rest by iOS Data Protection. iOS gives each file a per-file key, wraps it with a class key tied to the hardware UID and your passcode, and hands the unwrapping to the Secure Enclave so the raw file key is never exposed to the rest of the system. Whether a photo sits in your camera roll, in a regular album, or in the Hidden album, the encryption is identical. The Hidden label is a display rule, not a cryptographic boundary.

Why this matters for your privacy

The Hidden album fits a narrow threat model. A partner glancing at your camera roll when you hand them an unlocked phone. A friend swiping through photos at a party. Someone looking over your shoulder. If you don't want those people stumbling onto a sensitive image, hiding it and turning Show Hidden Album off does the job.

It doesn't fit several other threat models:

• Someone who already knows your device passcode opens the Hidden album with that same passcode. There's no second secret to forget.
• With iCloud Photos on, photos you hide on one device are hidden on every device signed into the same Apple Account — including a shared family iPad or an old iPhone you forgot was still logged in.
• "Hidden" isn't "deleted." The files persist in your Photos library and in iCloud Photos, and they reappear immediately if Show Hidden Album is turned back on.

For more context, see why everyday photo privacy matters more than people think, and for the steps, the walkthrough for hiding photos in the Photos app.

How Privara handles this

For content you genuinely don't want anyone who can unlock your phone to find, the Hidden album is the wrong layer of defense. The right layer is a separate, encrypted vault with its own gate. That's the case Privara makes for itself, and it's the best way we know to keep this kind of content private.

Privara is an iOS app that looks and works exactly like a calculator. The vault opens only when you enter your PIN into the calculator — somebody borrowing your phone sees a working calculator, not a locked door. Inside, one AES-256-encrypted vault holds your private photos, videos, documents, AND contacts — all four content types, in the same place. There's no account to create and nothing is uploaded to a server by default; the contents stay on your device by design. A decoy PIN opens a separate vault for compartmentalization. Break-in detection captures a photo of anyone who enters the wrong PIN. Face ID or Touch ID can layer on top of your PIN for routine unlocks.

If that's how you'd like to handle private content on your iPhone, Privara is on the App Store.

Frequently asked questions

Does the iPhone Hidden album use a separate password?

No. In iOS 16 and later the album unlocks with the same Face ID, Touch ID, or device passcode you use to unlock the phone. There's no second password layer that only protects the Hidden album.

Are hidden photos encrypted on iPhone?

Every file on a modern iPhone is encrypted at rest by iOS Data Protection, including hidden photos. Hiding a photo doesn't add a new encryption layer; it changes how the Photos app displays the file, not how the file is stored.

Do hidden photos sync to iCloud and to my other devices?

Yes. If you use iCloud Photos, a photo you hide on your iPhone is hidden on every device signed into the same Apple Account, and it lives in the same iCloud Photos library as everything else.