Mail Privacy Protection Seemingly Undermined by Apple Watch [Updated]

by

The security provided by Apple's Mail Privacy Protection feature is seemingly undermined by a lack of Apple Watch support, security researchers have found.

ios15 mail privacy feature
Mail Privacy Protection is a new feature introduced with iOS 15, iPadOS 15, and macOS Monterey that hides your IP address so senders are not able to determine your location or link email habits to your other online activity. It also prevents senders from tracking whether you opened an email, how many times you viewed an email, and whether you forwarded the email.

The feature works by routing all content downloaded by the Mail app through multiple proxy servers to strip your IP address, and then it assigns a random IP address that corresponds to your general region, making email senders see generic information rather than specific information about you.

Apple's legal documentation on Mail Privacy Protection indicates that the feature is available for iPhone, iPad, and Mac only, but security researchers and developers Talal Haj Bakry and Tommy Mysk have discovered that since the Apple Watch does not hide a recipient's IP address, it can compromise the overall security provided by Mail Privacy Protection.

The Apple Watch downloads remote content, such as images, using the recipient's real IP address, both when receiving a Mail notification and when opening an email, meaning that even for users who have enabled Mail Privacy Protection on their ‌iPhone‌, their IP address is exposed.

While Mail Privacy Protection is a feature exclusive to iOS 15, iPadOS 15, and macOS Monterey, the fact that simply receiving a Mail notification on the Apple Watch can reveal a user's IP address and bypass Mail Privacy Protection on other devices seems to be an oversight and we have reached out to Apple for comment.

Update: The same security researchers have now highlighted that iCloud Private Relay is also unavailable on the Apple Watch, meaning that a user's IP address can be exposed when opening links in the Messages app.

‌iCloud‌ Private Relay is an Apple service that ensures Safari traffic leaving an ‌iPhone‌, ‌iPad‌, or Mac is encrypted. It uses two separate internet relays to ensure that companies cannot access personal information like IP address, location, and browsing information to create a detailed profile about you.

Users who have ‌iCloud‌ Private Relay enabled on their other devices should be aware that their IP address is still discoverable from Apple Watch activity.

Related Roundup: watchOS 26
Related Forum: Apple Watch

Popular Stories

Low Cost MacBook Feature A18 Pro

Apple Is Expected to Launch These Four MacBooks in 2026

Friday January 9, 2026 8:17 am PST by
2026 could be a bumper year for Apple's Mac lineup, with the company expected to announce as many as four separate MacBook launches. Rumors suggest Apple will court both ends of the consumer spectrum, with more affordable options for students and feature-rich premium lines for users that seek the highest specifications from a laptop. Subscribe to the MacRumors YouTube channel for more videos. ...
Read Full Article114 comments
iPhone Top Left Hole Punch Face ID Feature Purple

10 Reasons to Wait for This Year's iPhone 18 Pro

Thursday January 8, 2026 2:56 am PST by
Apple's iPhone development roadmap runs several years into the future and the company is continually working with suppliers on several successive iPhone models at the same time, which is why we often get rumored features months ahead of launch. The iPhone 18 series is no different, and we already have a good idea of what to expect for the iPhone 18 Pro and iPhone 18 Pro Max. One thing worth...
Read Full Article75 comments
iOS 18 Siri Personal Context

Apple Confirms Google Gemini Will Power Next-Generation Siri This Year

Monday January 12, 2026 7:38 am PST by
In a statement shared with CNBC today, Apple confirmed that Google Gemini will power the next-generation version of Siri that is slated to launch later this year. "After careful evaluation, we determined that Google's technology provides the most capable foundation for Apple Foundation Models and we're excited about the innovative new experiences it will unlock for our users," the statement...
Read Full Article228 comments
iOS 18 Siri Personal Context

Elon Musk Reacts to Apple and Google Teaming on Gemini-Powered Siri

Monday January 12, 2026 11:38 am PST by
Elon Musk today expressed concern about Apple and Google partnering on a more personalized version of Siri powered by Google's generative AI platform Gemini. "This seems like an unreasonable concentration of power for Google, given that [they] also have Android and Chrome," wrote Musk, in a post on X. Musk serves as CEO of xAI, the company behind Gemini competitor Grok. It is unlikely...
Read Full Article139 comments
iOS 26

Here's What's New in iOS 26.3 So Far

Monday January 12, 2026 1:15 pm PST by
Apple today seeded the second beta of iOS 26.3, nearly a month after the first beta. So far, the update includes a couple of new features for iPhones. iOS 15.3 through iOS 18.3 were all released in late January over the years, so it is thereby likely that iOS 26.3 will be released towards the end of this month as well. The update is compatible with the iPhone 11 series and newer. Below,...
Read Full Article26 comments
proposed unicode emoji 18%402x

Squinting Face, Pickle, and Lighthouse Among New Emoji Coming to iOS

Friday January 9, 2026 4:24 am PST by
The Unicode Consortium has published a draft list of emoji that could come to smartphones and other devices in the future. The list shared by Emojipedia outlines 19 emoji candidates under consideration for Emoji 18.0, which is expected to be finalized in September 2026. Among the proposed additions are a squinting face emoji, left- and right-pointing thumb gestures, a pickle, a lighthouse, a ...
Read Full Article80 comments
apple homekit ios 18 5

Apple Reminding Users of Pending Home App Upgrade Requirement

Friday January 9, 2026 10:08 am PST by
Back in late 2022 and early 2023, Apple rolled out a new architecture for its Apple Home platform to deliver improved performance and compatibility, although the rollout came with some hiccups that forced Apple to pull and later re-release the upgrade. Three years later, Apple is now on the verge of ending support for the old version of the Home architecture, which may result in access to...
Read Full Article90 comments
Apple Intelligence iPhone 16

Google Gemini Partnership With Apple Will Go Beyond Siri Revamp

Monday January 12, 2026 8:48 am PST by
Apple and Google today announced that Google Gemini will help power not only a more personalized version of Siri, but a range of future Apple Intelligence features. "Apple and Google have entered into a multi-year collaboration under which the next generation of Apple Foundation Models will be based on Google's Gemini models and cloud technology," the companies said, in a statement. "These...
Read Full Article183 comments

Top Rated Comments

BootsWalking Avatar
BootsWalking
54 months ago
My Apple Watch notified me that my heart rate increased unexpectedly while I was reading this article.
Score: 20 Votes (Like | Disagree)
antiprotest Avatar
antiprotest
54 months ago
Slipping more and more on privacy and security while adding more and more "safety" and "child protection" features that could compromise privacy and security.
Score: 13 Votes (Like | Disagree)
nwcs Avatar
nwcs
54 months ago
I found mail on the watch is kinda useless. It doesn't stay in sync very well and often shows me old content. Easy enough to just disable the notification and turn off load remote images for the watch. Problem solved until a better fix comes along.
Score: 9 Votes (Like | Disagree)
GermanSuplex Avatar
GermanSuplex
54 months ago
Apple is great, but some of their oversights are mind-boggling. For instance - you still can't mass-delete messages from the watch. Does nobody in Apple wearing an Apple Watch get tired of having to do that? I surely can't be the only one?

And given that virtually everyone with an Apple Watch use an iPhone and other iOS/Mac OS devices, this comes close to making the mail privacy features useless.
Score: 7 Votes (Like | Disagree)
_Spinn_ Avatar
_Spinn_
54 months ago
This seems like a major oversight.
Score: 6 Votes (Like | Disagree)
mazz0 Avatar
mazz0
54 months ago
Apple have always been bad at this.

I have automatic downloading of images etc disabled so as not to inform spammers that they've hit an active address, which Mail allows you to do.

The problem is Mail doesn't show you the target of links in the email until you mouse-over (or long-touch) them, which also, by default, loads of a preview of the destination, thus giving the game away.

I hope Apple's servers are preloading/caching any of the proxied content, thus giving the game away before you've even opened the email. Anybody know for sure when they first download the content?

Edit: Oops! That should say I hope they aren’t pre-loading/caching!
Score: 6 Votes (Like | Disagree)
Read All Comments