Mail Privacy Protection Seemingly Undermined by Apple Watch [Updated]

The security provided by Apple's Mail Privacy Protection feature is seemingly undermined by a lack of Apple Watch support, security researchers have found.

ios15 mail privacy feature
Mail Privacy Protection is a new feature introduced with iOS 15, iPadOS 15, and macOS Monterey that hides your IP address so senders are not able to determine your location or link email habits to your other online activity. It also prevents senders from tracking whether you opened an email, how many times you viewed an email, and whether you forwarded the email.

The feature works by routing all content downloaded by the Mail app through multiple proxy servers to strip your IP address, and then it assigns a random IP address that corresponds to your general region, making email senders see generic information rather than specific information about you.

Apple's legal documentation on Mail Privacy Protection indicates that the feature is available for iPhone, iPad, and Mac only, but security researchers and developers Talal Haj Bakry and Tommy Mysk have discovered that since the Apple Watch does not hide a recipient's IP address, it can compromise the overall security provided by Mail Privacy Protection.

The Apple Watch downloads remote content, such as images, using the recipient's real IP address, both when receiving a Mail notification and when opening an email, meaning that even for users who have enabled Mail Privacy Protection on their ‌iPhone‌, their IP address is exposed.

While Mail Privacy Protection is a feature exclusive to iOS 15, iPadOS 15, and macOS Monterey, the fact that simply receiving a Mail notification on the Apple Watch can reveal a user's IP address and bypass Mail Privacy Protection on other devices seems to be an oversight and we have reached out to Apple for comment.

Update: The same security researchers have now highlighted that iCloud Private Relay is also unavailable on the Apple Watch, meaning that a user's IP address can be exposed when opening links in the Messages app.

‌iCloud‌ Private Relay is an Apple service that ensures Safari traffic leaving an ‌iPhone‌, ‌iPad‌, or Mac is encrypted. It uses two separate internet relays to ensure that companies cannot access personal information like IP address, location, and browsing information to create a detailed profile about you.

Users who have ‌iCloud‌ Private Relay enabled on their other devices should be aware that their IP address is still discoverable from Apple Watch activity.

Related Roundup: watchOS 10
Related Forum: Apple Watch

Top Rated Comments

BootsWalking Avatar
31 months ago
My Apple Watch notified me that my heart rate increased unexpectedly while I was reading this article.
Score: 20 Votes (Like | Disagree)
antiprotest Avatar
31 months ago
Slipping more and more on privacy and security while adding more and more "safety" and "child protection" features that could compromise privacy and security.
Score: 13 Votes (Like | Disagree)
nwcs Avatar
31 months ago
I found mail on the watch is kinda useless. It doesn't stay in sync very well and often shows me old content. Easy enough to just disable the notification and turn off load remote images for the watch. Problem solved until a better fix comes along.
Score: 9 Votes (Like | Disagree)
GermanSuplex Avatar
31 months ago
Apple is great, but some of their oversights are mind-boggling. For instance - you still can't mass-delete messages from the watch. Does nobody in Apple wearing an Apple Watch get tired of having to do that? I surely can't be the only one?

And given that virtually everyone with an Apple Watch use an iPhone and other iOS/Mac OS devices, this comes close to making the mail privacy features useless.
Score: 7 Votes (Like | Disagree)
_Spinn_ Avatar
31 months ago
This seems like a major oversight.
Score: 6 Votes (Like | Disagree)
mazz0 Avatar
31 months ago
Apple have always been bad at this.

I have automatic downloading of images etc disabled so as not to inform spammers that they've hit an active address, which Mail allows you to do.

The problem is Mail doesn't show you the target of links in the email until you mouse-over (or long-touch) them, which also, by default, loads of a preview of the destination, thus giving the game away.

I hope Apple's servers are preloading/caching any of the proxied content, thus giving the game away before you've even opened the email. Anybody know for sure when they first download the content?

Edit: Oops! That should say I hope they aren’t pre-loading/caching!
Score: 6 Votes (Like | Disagree)

Popular Stories

reset password request iphone

Warning: Apple Users Targeted in Phishing Attack Involving Rapid Password Reset Requests

Tuesday March 26, 2024 4:34 pm PDT by
Phishing attacks taking advantage of Apple's password reset feature have become increasingly common, according to a report from KrebsOnSecurity. Multiple Apple users have been targeted in an attack that bombards them with an endless stream of notifications or multi-factor authentication (MFA) messages in an attempt to cause panic so they'll respond favorably to social engineering. An...
iPhone Home Screen Gradient Blank Spaces 1

Sources: iOS 18 Lets Apps Be Placed Anywhere on Home Screen Grid

Sunday March 24, 2024 1:33 pm PDT by
iOS 18 will give iPhone users greater control over Home Screen app icon arrangement, according to sources familiar with the matter. While app icons will likely remain locked to an invisible grid system on the Home Screen, to ensure there is some uniformity, our sources say that users will be able to arrange icons more freely on iOS 18. For example, we expect that the update will introduce...
iPad Pro 2024 Landscape Camera Feature

New iPad Pro Again Rumored to Feature Landscape Front-Facing Camera

Monday March 25, 2024 5:43 am PDT by
The next-generation iPad Pro will feature a landscape-oriented front-facing camera for the first time, according to the Apple leaker known as "Instant Digital." Instant Digital reiterated the design change earlier today on Weibo with a simple accompanying 2D image. The post reveals that the entire TrueDepth camera array will move to the right side of the device, while the microphone will...
maxresdefault

Apple Announces WWDC 2024 Event for June 10 to 14

Tuesday March 26, 2024 10:02 am PDT by
Apple today announced that its 35th annual Worldwide Developers Conference is set to take place from Monday, June 10 to Friday, June 14. As with WWDC events since 2020, WWDC 2024 will be an online event that is open to all developers at no cost. Subscribe to the MacRumors YouTube channel for more videos. WWDC 2024 will include online sessions and labs so that developers can learn about new...
sonoma desktop wwdc

Apple Releases macOS Sonoma 14.4.1 With Fix for USB Hub Bug

Monday March 25, 2024 10:10 am PDT by
Apple today released macOS Sonoma 14.4.1, a minor update for the macOS Sonoma operating system that launched last September. macOS Sonoma 14.4.1 comes three weeks after macOS Sonoma 14.4. The ‌‌‌‌macOS Sonoma‌‌ 14.4‌.1 update can be downloaded for free on all eligible Macs using the Software Update section of System Settings. There's also a macOS 13.6.6 release for those who...
Generic iOS 18 Feature Purple

iOS 18 Will Finally Bring This Android Feature to iPhone

Monday March 25, 2024 6:42 am PDT by
iOS 18 will allow iPhone users to place app icons anywhere on the Home Screen grid, according to sources familiar with development of the software update. This basic feature has long been available on Android smartphones. While app icons will likely remain locked to an invisible grid system on the Home Screen, our sources said that users will be able to arrange icons more freely on iOS 18....
apple maps 3d feature

Apple Maps May Gain Custom Routes With iOS 18

Tuesday March 26, 2024 3:10 pm PDT by
Apple may be planning to add support for "custom routes" in Apple Maps in iOS 18, according to code reviewed by MacRumors. Apple Maps does not currently offer a way to input self-selected routes, with Maps users limited to Apple's pre-selected options, but that may change in iOS 18. Apple has pushed an iOS 18 file to its maps backend labeled "CustomRouteCreation." While not much is revealed...