Is Deep File Erasing/Shreeding Needed In GrapheneOS?

dogmaster "Does GrapheneOS natively delete files sufficiently well that 3rd party erasing/shredding apps are not required?", yes

dogmaster "File data is encrypted with AES-256-XTS and file names with AES-256-CTS. A unique key is derived using HKDF-SHA512 for each regular file, directory and symbolic link from the per-profile encryption keys, or the global encryption key for non-sensitive data stored outside of profiles. The directory key is used to encrypt the file names. GrapheneOS increases the file name padding from 16 bytes to 32 bytes. AES-256-XTS with the global encryption key is also used to encrypt filesystem metadata as a whole beyond the finer-grained file name encryption." -FQA

Once a key is gone, the file data isn't going to be recoverable

raccoondad Once a key is gone, the file data isn't going to be recoverable

There was some discussion about this some months back. What you wrote was the understanding I stated, but there was some disagreement or at least hesitation by people with forensics background. I think it may matter what the derivation function is, exactly.

File data is not overwritten after deletion though. How much that matters is debateable.

dogmaster Here is the previous thread where my understanding/misunderstanding was contested: https://discuss.grapheneos.org/d/8282-restoring-deleted-videos

I think "deep erasing" utilities are only useful on spinning disk storage, on wear-leveled media like SSDs and flash storage you have no control over which blocks are actually "overwritten".