Mail Privacy Protection Seemingly Undermined by Apple Watch [Updated]

The security provided by Apple's Mail Privacy Protection feature is seemingly undermined by a lack of Apple Watch support, security researchers have found.

ios15 mail privacy feature
Mail Privacy Protection is a new feature introduced with iOS 15, iPadOS 15, and macOS Monterey that hides your IP address so senders are not able to determine your location or link email habits to your other online activity. It also prevents senders from tracking whether you opened an email, how many times you viewed an email, and whether you forwarded the email.

The feature works by routing all content downloaded by the Mail app through multiple proxy servers to strip your IP address, and then it assigns a random IP address that corresponds to your general region, making email senders see generic information rather than specific information about you.

Apple's legal documentation on Mail Privacy Protection indicates that the feature is available for iPhone, iPad, and Mac only, but security researchers and developers Talal Haj Bakry and Tommy Mysk have discovered that since the Apple Watch does not hide a recipient's IP address, it can compromise the overall security provided by Mail Privacy Protection.

The Apple Watch downloads remote content, such as images, using the recipient's real IP address, both when receiving a Mail notification and when opening an email, meaning that even for users who have enabled Mail Privacy Protection on their ‌iPhone‌, their IP address is exposed.

While Mail Privacy Protection is a feature exclusive to ‌iOS 15‌, ‌iPadOS 15‌, and ‌macOS Monterey‌, the fact that simply receiving a Mail notification on the Apple Watch can reveal a user's IP address and bypass Mail Privacy Protection on other devices seems to be an oversight and we have reached out to Apple for comment.

Update: The same security researchers have now highlighted that iCloud Private Relay is also unavailable on the Apple Watch, meaning that a user's IP address can be exposed when opening links in the Messages app.

‌iCloud‌ Private Relay is an Apple service that ensures Safari traffic leaving an ‌iPhone‌, ‌iPad‌, or Mac is encrypted. It uses two separate internet relays to ensure that companies cannot access personal information like IP address, location, and browsing information to create a detailed profile about you.

Users who have ‌iCloud‌ Private Relay enabled on their other devices should be aware that their IP address is still discoverable from Apple Watch activity.

Related Roundups: watchOS 8 , watchOS 9

Top Rated Comments

BootsWalking Avatar
10 months ago
My Apple Watch notified me that my heart rate increased unexpectedly while I was reading this article.
Score: 20 Votes (Like | Disagree)
antiprotest Avatar
10 months ago
Slipping more and more on privacy and security while adding more and more "safety" and "child protection" features that could compromise privacy and security.
Score: 13 Votes (Like | Disagree)
nwcs Avatar
10 months ago
I found mail on the watch is kinda useless. It doesn't stay in sync very well and often shows me old content. Easy enough to just disable the notification and turn off load remote images for the watch. Problem solved until a better fix comes along.
Score: 9 Votes (Like | Disagree)
GermanSuplex Avatar
10 months ago
Apple is great, but some of their oversights are mind-boggling. For instance - you still can't mass-delete messages from the watch. Does nobody in Apple wearing an Apple Watch get tired of having to do that? I surely can't be the only one?

And given that virtually everyone with an Apple Watch use an iPhone and other iOS/Mac OS devices, this comes close to making the mail privacy features useless.
Score: 7 Votes (Like | Disagree)
_Spinn_ Avatar
10 months ago
This seems like a major oversight.
Score: 6 Votes (Like | Disagree)
mazz0 Avatar
10 months ago
Apple have always been bad at this.

I have automatic downloading of images etc disabled so as not to inform spammers that they've hit an active address, which Mail allows you to do.

The problem is Mail doesn't show you the target of links in the email until you mouse-over (or long-touch) them, which also, by default, loads of a preview of the destination, thus giving the game away.

I hope Apple's servers are preloading/caching any of the proxied content, thus giving the game away before you've even opened the email. Anybody know for sure when they first download the content?

Edit: Oops! That should say I hope they aren’t pre-loading/caching!
Score: 6 Votes (Like | Disagree)

Related Stories

icloud

Apple Seemingly Adds Russia to List of Countries Where iCloud Private Relay Won't Be Available

Friday September 17, 2021 3:43 am PDT by
Alongside iOS 15, Apple introduced an iCloud+ service that adds new features to its paid ‌iCloud‌ plans. One of these features is ‌iCloud‌ Private Relay, which is designed to encrypt all of the traffic leaving your device so no one can intercept it or read it. According to Apple, "regulatory reasons" prevent the company from launching Private Relay in China, Belarus, Colombia, Egypt, ...
image 40

iOS 15.4 and watchOS 8.5 Allow You to Restore an Apple Watch Using an iPhone

Monday March 14, 2022 1:25 pm PDT by
Apple today published a new support document indicating that iOS 15.4 and watchOS 8.5 allow an Apple Watch to be restored with a nearby iPhone. The support document states that if an Apple Watch running watchOS 8.5 or later displays an animation showing an Apple Watch and iPhone being brought close together, customers can follow the steps below to initiate the restore process:1. Make sure...
ios15 mail privacy feature

Hide My Email Available in Mail App With New iOS 15.2 and macOS Monterey 12.1 Betas

Tuesday November 9, 2021 10:42 am PST by
iCloud+ subscribers who use Hide My Email can do so directly from the Mail app after installing the iOS 15.2, iPadOS 15.2, and macOS Monterey 12.1 betas that came out today. The feature update is outlined in Apple's release notes for the beta, and it should make Hide My Email much more convenient to use on Apple devices. For those unfamiliar with Hide My Email, it is an iOS 15 and macOS...
iCloud General Feature

UK Network Operators Target iCloud Private Relay in Complaint to Regulator

Sunday March 13, 2022 3:48 am PDT by
A group of UK network operators have formally urged the UK's Competition and Markets Authority (CMA) to regulate iCloud Private Relay, claiming that Apple's privacy service is anti-competitive, potentially bad for users, and a threat to national security. In its response to the CMA's Interim Report on mobile ecosystems, Mobile UK, a trade association of British mobile network operators,...
icloud mail redesign

Web-Based iCloud Mail Redesign, Hide My Email, and Custom Domain Features Now Live

Monday September 20, 2021 1:00 pm PDT by
Alongside the launch of iOS 15, iPadOS 15, tvOS 15, and watchOS 8, Apple has also pushed an update for its iCloud.com website, introducing a new look for iCloud Mail that's viewed on the web. The new web-based iCloud Mail design looks similar to the Mail apps on devices running iOS 15, iPadOS 15, and the beta version of macOS Monterey. It is a cleaner and more streamlined look than the prior ...
icloud private relay ios 15

Apple Says iOS 15.2 Included No Changes That Would Have Toggled iCloud Private Relay Off

Wednesday January 12, 2022 2:23 pm PST by
iOS 15.2 did not introduce a bug that turned iCloud Private Relay off for some users, Apple said in a statement that was provided to MacRumors. The statement was in response to a T-Mobile claim that iOS 15.2 had automatically toggled the iCloud Private Relay feature off for some users. iCloud Private Relay is an innovative internet privacy service that allows users with an iCloud+ subscription ...
icloud private relay unavailable

iCloud Private Relay Down for Some Users

Wednesday November 3, 2021 12:35 pm PDT by
Apple's iCloud Private Relay option is not working for some users, according to Apple's System Status page. The feature is experiencing an outage and is unavailable at the current time. According to Apple, the outage started at 11:40 a.m. Pacific Time and it is ongoing. Those who are having iCloud Private Relay issues may have received a notification letting them know that the feature is...
macos monterey microphone indicator

Apple Highlights New Privacy Features in iOS 15 and macOS Monterey, Including Microphone Indicator on Mac

Monday June 7, 2021 2:01 pm PDT by
Apple today previewed new privacy protections coming in iOS 15, iPadOS 15, macOS Monterey, and watchOS 8. The software updates are available in beta for developers starting today and will be publicly released later this year. First, a new App Privacy Report feature will let users see how often apps have used the permission they've previously granted to access their location, photos, camera,...

Popular Stories

Apple Watch Series 7 Starlight Midnight

Standard Apple Watch Series 8 Rumored to Feature Same Design as Series 7

Friday August 5, 2022 7:46 am PDT by
The standard 41mm and 45mm models of the Apple Watch Series 8 will feature the same design as the Apple Watch Series 7, according to Twitter user @ShrimpApplePro, who was first to reveal that iPhone 14 Pro models would feature a new pill-and-hole display. Titanium will not be an option for the standard Apple Watch Series 8 models either, according to @ShrimpApplePro, but Bloomberg's Mark...
cook sept 2020 event

Gurman: Apple Preparing Pre-Recorded iPhone 14 and Apple Watch Series 8 Event

Sunday August 7, 2022 6:13 am PDT by
Apple has "started to record" its virtual September event, where it's expected to announce the upcoming iPhone 14 lineup, the Apple Watch Series 8, and a new "rugged" Apple Watch model, according to Bloomberg's Mark Gurman. Writing in his latest Power On newsletter, Gurman says the event, which is expected to take place in the early part of September, is already under production, implying...
iPhone 14 Pro Purple Front and Back MacRumors Exclusive

Five iPhone 14 Rumors You May Have Missed

Thursday August 4, 2022 6:05 am PDT by
With August upon us, the countdown is officially on. We're just weeks away from when we're expecting Apple to announce the iPhone 14 lineup. Rumors of the next iPhone start early in the year, and as a result, some details about the upcoming device sometimes get lost in the crowd. Exclusive MacRumors iPhone 14 Pro renders by graphic designer Ian Zelbo To help MacRumors readers, we've created a ...
banish safari app pop ups

New iOS App Blocks Those Annoying 'Open in App' Pop-Ups in Safari

Friday August 5, 2022 2:47 am PDT by
You've probably experienced visiting a website like Reddit or LinkedIn on your iPhone only to be greeted with an annoying, almost full-screen pop-up urging you to view the content in their app instead of on the website. It's a common practice for websites that have accompanying iOS apps to push users to open (if they already have the app installed) or download their app from the App Store to ...
top stories 7aug22

Top Stories: iPadOS 16 Delayed, iPhone 14 Pro Rumors, Studio Display Speaker Issues

Saturday August 6, 2022 6:00 am PDT by
The big Apple news this week was word that the upcoming iPadOS 16 update apparently won't be arriving alongside its counterpart update for the iPhone in September, largely due to a need to continue refining the new Stage Manager multitasking feature. Other popular stories this week included more hints about the iPhone 14 Pro's rumored always-on display, potential design leaks for the...