Mail Privacy Protection Seemingly Undermined by Apple Watch [Updated]

The security provided by Apple's Mail Privacy Protection feature is seemingly undermined by a lack of Apple Watch support, security researchers have found.

ios15 mail privacy feature
Mail Privacy Protection is a new feature introduced with iOS 15, iPadOS 15, and macOS Monterey that hides your IP address so senders are not able to determine your location or link email habits to your other online activity. It also prevents senders from tracking whether you opened an email, how many times you viewed an email, and whether you forwarded the email.

The feature works by routing all content downloaded by the Mail app through multiple proxy servers to strip your IP address, and then it assigns a random IP address that corresponds to your general region, making email senders see generic information rather than specific information about you.

Apple's legal documentation on Mail Privacy Protection indicates that the feature is available for iPhone, iPad, and Mac only, but security researchers and developers Talal Haj Bakry and Tommy Mysk have discovered that since the Apple Watch does not hide a recipient's IP address, it can compromise the overall security provided by Mail Privacy Protection.

The Apple Watch downloads remote content, such as images, using the recipient's real IP address, both when receiving a Mail notification and when opening an email, meaning that even for users who have enabled Mail Privacy Protection on their ‌iPhone‌, their IP address is exposed.

While Mail Privacy Protection is a feature exclusive to iOS 15, iPadOS 15, and macOS Monterey, the fact that simply receiving a Mail notification on the Apple Watch can reveal a user's IP address and bypass Mail Privacy Protection on other devices seems to be an oversight and we have reached out to Apple for comment.

Update: The same security researchers have now highlighted that iCloud Private Relay is also unavailable on the Apple Watch, meaning that a user's IP address can be exposed when opening links in the Messages app.

‌iCloud‌ Private Relay is an Apple service that ensures Safari traffic leaving an ‌iPhone‌, ‌iPad‌, or Mac is encrypted. It uses two separate internet relays to ensure that companies cannot access personal information like IP address, location, and browsing information to create a detailed profile about you.

Users who have ‌iCloud‌ Private Relay enabled on their other devices should be aware that their IP address is still discoverable from Apple Watch activity.

Related Roundup: watchOS 26
Related Forum: Apple Watch

Popular Stories

iOS 26

Everything New in iOS 26.1 Beta 1

Monday September 22, 2025 12:44 pm PDT by
Apple released the first beta of iOS 26.1 today, just a week after launching iOS 26. iOS 26.1 mainly adds new languages to Apple Intelligence, but there are a few other features that are worth knowing about. New Apple Intelligence Languages Apple Intelligence is now available in Danish, Dutch, Norwegian, Portuguese (Portugal), Swedish, Turkish, Chinese (Traditional), and Vietnamese. AirPo...
apple tv 4k new orange

Next Apple TV Expected to Launch This Year With These New Features

Monday September 22, 2025 10:00 am PDT by
The next Apple TV is expected to be released later this year, and a handful of new features and changes have been rumored for the device. Below, we recap what to expect from the next Apple TV, according to rumors. Likely Features N1 Chip With Wi-Fi 7 Last year, Bloomberg's Mark Gurman said the next Apple TV would be equipped with Apple's own combined Wi-Fi and Bluetooth chip, which is...
Apple Intelligence General Feature 2

iOS 26.1 Adds New Apple Intelligence Languages and Expands AirPods Live Translation

Monday September 22, 2025 11:15 am PDT by
With iOS 26.1, Apple Intelligence is gaining support for additional languages, including Danish, Dutch, Norwegian, Portuguese (Portugal), Swedish, Turkish, Chinese (Traditional), and Vietnamese. Apple announced plans to expand the languages that can be used with Apple Intelligence last year, and now the added language support is here. Apple Intelligence is now available in the following...
Apple Foldable Thumb

Foldable iPhone Like 'Two Titanium iPhone Airs' Joined at the Hinge

Monday September 22, 2025 2:16 am PDT by
Next year's rumored foldable iPhone will showcase an ultra-thin design resembling "two titanium iPhone Airs side-by-side," according to Bloomberg's Mark Gurman. Writing in the Q&A section of his latest Power On newsletter, Gurman says Apple's first foldable device will be "super thin and a design achievement," combining Apple's thinnest iPhone form factor with cutting-edge folding...
iPhone 17 Pro and Air N1 Feature

Some iPhone 17, iPhone 17 Pro, and iPhone Air Users Experiencing Intermittent Wi-Fi Issue

Monday September 22, 2025 8:44 am PDT by
Apple's latest iPhone models launched on Friday, and some early adopters of the devices are experiencing intermittent Wi-Fi issues. Affected customers say Wi-Fi connectivity periodically cuts out on the iPhone 17, iPhone 17 Pro, iPhone 17 Pro Max, and iPhone Air, with hundreds of comments about the issue posted across the MacRumors Forums, Reddit, and the Apple Support Community over the...
iPhone 17 Pro and Air Feature

Two iPhone 17 Pro and iPhone Air Colors Appear to Scratch More Easily

Friday September 19, 2025 10:02 am PDT by
As reported by Bloomberg today, some of the new iPhone 17 Pro and iPhone Air models on display at Apple Stores today are already scratched and scuffed. French blog Consomac also reported on this topic. The scratches appear to be most prominent on models with darker finishes, including the iPhone 17 Pro and Pro Max in Deep Blue, and the iPhone Air in Space Black. Images Credit: Consoma ...
iPhone 17 Pro USB C Port

iPhone 17 Pro Max's USB-C Charging Speeds Tested With Apple Chargers

Monday September 22, 2025 7:29 am PDT by
The website ChargerLAB has tested the iPhone 17 Pro Max's USB-C charging speeds with a variety of Apple's chargers, from 18W to 140W. The device reached a peak charging speed of around 36W with the following Apple chargers:40W Dynamic Power Adapter with 60W Max 61W USB-C Power Adapter 67W USB-C Power Adapter 70W USB-C Power Adapter 96W USB-C Power Adapter 140W USB-C Power AdapterFor...
iOS 26

Apple Seeds First Betas of iOS 26.1, iPadOS 26.1, and macOS Tahoe 26.1

Monday September 22, 2025 10:05 am PDT by
Apple today provided developers with the first betas of upcoming iOS 26.1, iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, watchOS 26.1, and visionOS 26.1 updates for testing purposes. The new betas are the first updates to the iOS, iPadOS, macOS 26, watchOS, tvOS, and visionOS releases that came out last week. The new betas can be downloaded from the Settings app on a compatible device by going...

Top Rated Comments

BootsWalking Avatar
50 months ago
My Apple Watch notified me that my heart rate increased unexpectedly while I was reading this article.
Score: 20 Votes (Like | Disagree)
antiprotest Avatar
50 months ago
Slipping more and more on privacy and security while adding more and more "safety" and "child protection" features that could compromise privacy and security.
Score: 13 Votes (Like | Disagree)
nwcs Avatar
50 months ago
I found mail on the watch is kinda useless. It doesn't stay in sync very well and often shows me old content. Easy enough to just disable the notification and turn off load remote images for the watch. Problem solved until a better fix comes along.
Score: 9 Votes (Like | Disagree)
GermanSuplex Avatar
50 months ago
Apple is great, but some of their oversights are mind-boggling. For instance - you still can't mass-delete messages from the watch. Does nobody in Apple wearing an Apple Watch get tired of having to do that? I surely can't be the only one?

And given that virtually everyone with an Apple Watch use an iPhone and other iOS/Mac OS devices, this comes close to making the mail privacy features useless.
Score: 7 Votes (Like | Disagree)
_Spinn_ Avatar
50 months ago
This seems like a major oversight.
Score: 6 Votes (Like | Disagree)
mazz0 Avatar
50 months ago
Apple have always been bad at this.

I have automatic downloading of images etc disabled so as not to inform spammers that they've hit an active address, which Mail allows you to do.

The problem is Mail doesn't show you the target of links in the email until you mouse-over (or long-touch) them, which also, by default, loads of a preview of the destination, thus giving the game away.

I hope Apple's servers are preloading/caching any of the proxied content, thus giving the game away before you've even opened the email. Anybody know for sure when they first download the content?

Edit: Oops! That should say I hope they aren’t pre-loading/caching!
Score: 6 Votes (Like | Disagree)