Mail Privacy Protection Seemingly Undermined by Apple Watch

The security provided by Apple’s Mail Privacy Protection feature is seemingly undermined by a lack of Apple Watch support, security researchers have found.

Mail Privacy Protection is a new feature introduced with iOS 15, iPadOS 15, and macOS Monterey that hides your IP address so senders are not able to determine your location or link email habits to your other online activity. It also prevents senders from tracking whether you opened an email, how many times you viewed an email, and whether you forwarded the email.

iOS 15: How to Prevent Emails From Tracking You With Mail Privacy Protection

The feature works by routing all content downloaded by the Mail app through multiple proxy servers to strip your IP address, and then it assigns a random IP address that corresponds to your general region, making email senders see generic information rather than specific information about you.

Apple’s legal documentation on Mail Privacy Protection indicates that the feature is available for iPhone, iPad, and Mac only, but security researchers and developers Talal Haj Bakry and Tommy Mysk have discovered that since the Apple Watch does not hide a recipient’s IP address, it can compromise the overall security provided by Mail Privacy Protection.

Heads-up: The mail privacy protection introduced in iOS 15 doesn’t apply to the Mail app on the Apple Watch. Both the Mail app and the notification preview on the Apple Watch download remote content using your real IP address.#Cybersecurity #iOS pic.twitter.com/o0lh9rPQTd— Mysk ???? (@mysk_co) November 15, 2021

The Apple Watch downloads remote content, such as images, using the recipient’s real IP address, both when receiving a Mail notification and when opening an email, meaning that even for users who have enabled Mail Privacy Protection on their ?iPhone?, their IP address is exposed.

While Mail Privacy Protection is a feature exclusive to ?iOS 15?, ?iPadOS 15?, and ?macOS Monterey?, the fact that simply receiving a Mail notification on the Apple Watch can reveal a user’s IP address and bypass Mail Privacy Protection on other devices seems to be an oversight and we have reached out to Apple for comment.Related Roundup: watchOS 8 Related Forum: iOS, Mac, tvOS, watchOS ProgrammingThis article, “Mail Privacy Protection Seemingly Undermined by Apple Watch” first appeared on MacRumors.comDiscuss this article in our forums

Go to Source
Author: Hartley Charlton