Apple fixes Mail Privacy Protection privacy failure in Mail on the Apple Watch

by · 9to5Mac

Update 2: The security researcher who discovered the privacy failure reports that Apple has now fixed it.

As of iOS 15.4 and watchOS 8.5 the Mail app on the watch no longer leaks the IP address when downloading remote content. Remote content is blocked on the watch even when Mail Privacy Protection is on …

Original story:

Update: The same team has now discovered that the Apple Watch doesn’t use iCloud Private Relay either.

If you open links sent to you via iMessage on the Apple Watch, your real IP address will be exposed.

A developer and security researcher has discovered that the official Apple Watch Mail app fails to use the company’s own Mail Privacy Protection feature …

The feature was introduced as part of iOS 15 and was touted by Apple as offering three forms of privacy protection.

About Mail Privacy Protection

Apple says the feature protects your location, prevents tracking, and stops marketeers seeing whether or not you’ve opened an email.

Emails you receive may include hidden pixels that allow the email’s sender to learn information about you. As soon as you open an email, information about your Mail activity can be collected by the sender without transparency and an ability to control what information is shared. Email senders can learn when and how many times you opened their email, whether you forwarded the email, your Internet Protocol (IP) address and other data that can be used to build a profile of your behaviour and learn your location.

If you choose to turn it on, Mail Privacy Protection helps protect your privacy by preventing email senders, including Apple, from learning information about your Mail activity. When you receive an email in the Mail app, rather than downloading remote content when you open an email, Mail Privacy Protection downloads remote content in the background by default regardless of how you engage with the email. Apple does not learn any information about the content.

In addition, all remote content downloaded by Mail is routed through multiple proxy servers, preventing the sender from learning your IP address. Rather than share your IP address, which can allow the email sender to learn your location, Apple’s proxy network will randomly assign an IP address that corresponds only to the region your device is in. As a result, email senders will only receive generic information rather than information about your behaviour. Apple does not access your IP address.

The feature is enabled in Settings > Mail > Privacy Protection.

The Apple Watch Mail app fails to use it

Once enabled, the feature works with the Apple Mail app on the iPhone. However, it does not apply if you view emails – or even previews of them – on your Watch. The omission was discovered by Mysk.

He was able to demonstrate this by hosting an image on his own server, embedding it in an email, and sending it to himself. He then checked which IP address had downloaded the image and found that it was the real IP address of the Watch, not a proxy address, which is what should have appeared with the privacy feature enabled.
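The self-test described above, as an added example that is not part of the original article or Mysk's own tooling: it reads constructed web-server access-log lines for a test image you embedded in an email to yourself and flags any fetch that came from your device's own public IP rather than from some other address. The log lines, the `/px/<token>.gif` path and the IP addresses are all assumptions for illustration.

```python
import re
from ipaddress import ip_address

# Constructed Combined Log Format lines from a hypothetical web server that
# serves the test image /px/<token>.gif embedded in an email sent to ourselves.
# 203.0.113.45 stands in for the device's real public IP; 198.51.100.7 for an
# unrelated address. Both are documentation-range placeholders, not real hosts.
SAMPLE_LOG = """\
203.0.113.45 - - [10/Mar/2022:09:01:12 +0000] "GET /px/abc123.gif HTTP/1.1" 200 43 "-" "Mozilla/5.0 (constructed)"
198.51.100.7 - - [10/Mar/2022:09:14:30 +0000] "GET /px/abc123.gif HTTP/1.1" 200 43 "-" "Mozilla/5.0 (constructed)"
198.51.100.7 - - [10/Mar/2022:09:14:31 +0000] "GET /favicon.ico HTTP/1.1" 404 0 "-" "Mozilla/5.0 (constructed)"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

def pixel_fetches(log_text, token):
    """Return (ip, timestamp, user_agent) for every successful GET of /px/<token>.gif."""
    want = f"/px/{token}.gif"
    out = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m and m["method"] == "GET" and m["path"] == want and m["status"] == "200":
            out.append((m["ip"], m["ts"], m["ua"]))
    return out

def audit(log_text, token, device_public_ip):
    """Label each fetch 'leak' when the fetching address is the device's own
    public IP (what Mysk observed on the Watch) and 'not-device' otherwise,
    which is consistent with, though not proof of, the request having been
    routed through Apple's proxy network."""
    device = ip_address(device_public_ip)
    report = []
    for ip, ts, ua in pixel_fetches(log_text, token):
        verdict = "leak" if ip_address(ip) == device else "not-device"
        report.append({"ip": ip, "when": ts, "ua": ua, "verdict": verdict})
    return report

if __name__ == "__main__":
    for row in audit(SAMPLE_LOG, "abc123", "203.0.113.45"):
        print(row)
```

Run it against your own server's log after opening the test email on each device; a `leak` verdict means that client fetched remote content directly.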