Wouldn’t the most likely attack be an angry (ex) spouse with physical access to a target’s phone placing images on it (and uploading to iCloud)? I haven’t seen this seemingly likely scenario discussed much.
- Those images would either have to be actual CSAM (illegal to distribute in the first place and generally hard to get)
- fake collision images are placed instead, and all that would do is push the multiple fake CSAM images to Apple's human reviewers who would then likely mark it as a false positive/spam. If the Apple reviewer makes a mistake and does report it as CSAM them the only risk (in the US) is law enforcement having probably cause for search & seizure to look for other CSAM.
- Those images would either have to be actual CSAM (illegal to distribute in the first place and generally hard to get)
- fake collision images are placed instead, and all that would do is push the multiple fake CSAM images to Apple's human reviewers who would then likely mark it as a false positive/spam. If the Apple reviewer makes a mistake and does report it as CSAM them the only risk (in the US) is law enforcement having probably cause for search & seizure to look for other CSAM.